There's a patch for the security regression in 2.0.51. See CAN-2004-0811 and Apache Week for 9/23/2004.
Another Apache release 2.0.52 is coming down the pike to fix this and some minor issues.
To quote ApacheWeek:
One of the new features included in [Apache 2.0.51] is that a container can now be used to limit the effect of a Satisfy directive to specific methods. Unfortunately, a bug in the implementation meant that merging of Satisfy directives did not work correctly. The result was that if "Satisfy Any" was used, for example, in directory /foo/bar/, it could also take effect in the higher context, /foo/. If directory /foo/ also had access control configured, this could then be bypassed.
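An added example, not part of the original comment or of Apache's own tooling: a small audit script that scans a configuration for the pattern ApacheWeek describes, a directory with "Satisfy Any" nested under a directory that has access control, which is what to review on a 2.0.51 server until it is patched. The sample configuration and its paths are constructed, and the script assumes flat, non-nested `<Directory>` blocks.

```python
import re

# Constructed sample configuration (not from the page): /foo is protected,
# /foo/bar is deliberately opened up with "Satisfy Any".
SAMPLE_CONF = """
<Directory /foo>
    AuthType Basic
    Require valid-user
</Directory>
<Directory /foo/bar>
    Allow from all
    Satisfy Any
</Directory>
<Directory /pub>
    Satisfy Any
</Directory>
"""

# Directives that mean "this directory has access control configured".
ACCESS_CONTROL = {"require", "authtype", "deny", "allow", "order"}

def parse_directories(conf):
    """Return {path: set of lower-cased directive names} per <Directory> block."""
    blocks, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).rstrip("/") or "/"
            blocks.setdefault(current, set())
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None and line and not line.startswith("#"):
            words = line.lower().split()
            # Keep the argument for Satisfy so "any" and "all" stay distinct.
            blocks[current].add(" ".join(words[:2]) if words[0] == "satisfy" else words[0])
    return blocks

def exposed_parents(conf):
    """Pairs (protected parent, child using Satisfy Any) to review on 2.0.51."""
    blocks = parse_directories(conf)
    return sorted(
        (parent, child)
        for child, cdirs in blocks.items() if "satisfy any" in cdirs
        for parent, pdirs in blocks.items()
        if parent != child
        and child.startswith(parent.rstrip("/") + "/")
        and pdirs & ACCESS_CONTROL
    )

if __name__ == "__main__":
    for parent, child in exposed_parents(SAMPLE_CONF):
        print(f"review: {parent} is protected but {child} sets Satisfy Any")
```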
It's interesting the report was requested by Congress. California has a spammer, Bill Jones, running for Senate (Republican, BTW). So we can have a spammer deciding the laws for spammers. Sort of like the fox guarding the chicken house.
California had a state law that was to go into effect where citizens can collect fines from spammers (at least in state). Unfortunately the so-called "CAN Spam Act," nullified the state law. So the CAN Spam Act actually encouraged, not discouraged SPAM. The members of Congress are no doubt technically ignorant and easily persuaded by lobbyists (especially the Direct Marketing Association) that I don't see much hope from the old geezers (no disrespect :-).
Much spam comes from Florida and my state of California. However, sad to say, California has a spamming politician. Spam King Bill Jones is running for the U.S. Senate from California. And he's not a third-party minor candidate, but the Republican nominee.
The International Date Format, ISO 8601 is NOT being used. What's being used is the UNIX date, which wraps around in 2038 or so. They went from a semi-good YYYYMMDDNN to a less robust 7-digit number (seconds since 1970) that wraps around in 2038.
Spam King Bill Jones is running for U.S. Senate from California. He doesn't have a chance, but to make sure his spam activities receive broad daylight, please link to my website http://billjonessucks.com/ until this November 2nd. Thanks. We now return you to your regular programming. . .
IANAL. I don't know about Texas, but in California an employer does NOT own your invention rights. This is true even if you signed your invention rights away in some agreement with your employer.
There's one big exception though. If you developed any of your invention rights on company time or used company resources (even if allowed), your employer has rights if you signed one of those agreements.
Casual hobbyists don't need the compiler. They can use the interpreter. Myself, I use the interpreter on a production site (PHP 4.x with Apache 2). You only need the compiler if you have a heavily-hit, CPU-intensive website (or sites).
I'm not brave enough to try PHP 5 yet, just because of possible regression with PHP packages (Phorum and SymPoll).
I suspect the ads are served through some third party or link exchange.
In any case, it doesn't bother me if Microsoft throws money at a Linux-oriented website. I can ignore or read a Microsoft ad and I won't melt in any case.
This all sounds very familiar. I had Chinese roommates back when I was a grad student. To improve their English, they got the People's Daily. It was written in broken English (at least then), but was very interesting reading between the lines. I would read about a major government initiative, say, to control water pollution. Great! Well, nothing would happen and a few months later, I would read about another water pollution program (for example). This would repeat for other "good things."
So, the lesson is, the Chinese government leadership has very good intentions. However, they don't follow through or don't have the power to overcome inertia, bureaucracy, and corruption.
SCO has a big pot of gold, from Microsoft, to sue IBM and others. However, it takes MORE than gold to win, you have a good case. OTOH, you can sue the other party until they go broke or give up. That's not going to happen with IBM. So, let's revise this to:
All it takes is a big pot of gold to litigate your competition out of existence, but don't try it if your competition has a bigger pot of gold.
Apache 2 works for me with PHP. YMMV. The trick is to not use an external library that is thread-unsafe. I have instructions and troubleshooting information at http://dan.drydog.com/apache2php.html
For Redhat 9 and probably other distributions, Apache 2 and PHP are supported out of the box.
Apache 2.x MPM is safe with PHP 4.3.x, on "PHP 5 RC 1 released" · Score: 2, Informative
Apache 2.x is safe if you use the MPM (process) model, not the thread model. The problem isn't PHP, but multiple underlying libraries used by PHP. YMMV.
Don't use PHP 5.x yet for production. Wait until it's released (at least), or a few months after the initial release.
For those not familiar with "Garden Grove" (aka "Garbage Grove" :-), the cybercafes are not used for email, homework, or recreation. They are gathering places for Latino Gangs. There are frequent problems with fights, stabbings, and drug dealing. I wouldn't go to these places if I had to. I think some people there actually do use a computer sometimes.
I find it very funny that AOL is blocking a 1/2 trillion spams. AOL is also a host to major spammers. I know. I track it. AOL IP addresses 172.176.0.0 to 172.199.255.255 are used to host spammers (including porn).
Complain to AOL about it? They do nothing--since it's not a @aol.com address, they deny responsibility, yet collect cash from their spam customers. Very convenient. I find it funny that AOL supported the CAN SPAM act, which legalizes spam and invalidates tougher local laws, such as California's. Boycott AOL if you dislike spam.
GNOME is available with Solaris 9 out of the box (and of course a lot better than CDE:-).
Keep in mind that Solaris x86 doesn't support every hardware combination that MS Windows seems to. For details and pointers, see the Solaris x86 FAQ that I wrote.
Before HTML and spam were widespread, RTF (rich text format) was used for formatting. It has bold, italics, and many other word-processing markup. And it doesn't have embedded viruses and embedded image "bugs" to help spammers.
This is not the whole story. Not all of Swedish Telia spam are "viruses." Many (most) are from commercial outfits that use Telia's services with its full knowledge. I wish they would boot them out too. Until they do, I recommend blocking these addresses (all class B, /16):
62.20, 62.107, 194.22, 195.198, 217.208, 217.209, 217.210, 217.211, 213.64, 213.64, 213.166.
These are not all of Telia's blocks but only ones I have received spam from in the past year. Put them in your /etc/mail/access file. E.g.:
213.64 ERROR:"550 We don't accept unsolicited email from Swedish Telia spammers"
- Dan Anderson (Swedish American who hates Swedish spam as much as Asian spam)
I find this very hypocritical. ATT is a major service provider for spammers, mostly through their broadband service. I know because I have my own blacklist and there are hundreds of Class C blocks with ATT. ATT is very lax with enforcing any AUP they may have.
A Sun article says "When it comes to business relationships, the one between Sun Microsystems, Inc. and Ford Motor Company has always been solid." (yeah, I heard that with Firestone too--"solid":-).
Anyway, I wonder if this Linux move was at Sun's expense or was it in another area?
PHP 4.3.2 Release Summary, on "PHP 4.3.2 Released" · Score: 2, Informative
Ever since Apache 2.0.42, the Apache 2 developers have grown up:-) and decided to stop changing the API in what's now called the "stable" release series (currently 2.0.x).
What does that mean to you? It means you no longer have to download and recompile, from source, a new version of PHP to fix what Apache broke.
However, with Apache 2, I don't recommend the multi-threading MPM. No big deal if you're using Apache 1, since multi-threading isn't available (with UNIX/Linux at least). The problem isn't Apache or even PHP, but the scores of 3rd-party libraries PHP may hook into (depending on how much stuff you configure in PHP).
Read all about it at billjonessucks.com
I just got pinged to install the downloaded update and I did. It's called: Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB867801)
I have a webpage on how to build and use PHP with Apache 2.x at http://dan.drydog.com/apache2php.html 4.3.4
1893319 Sep 17 13:41 bind-9.2.2-23.i386.rpm
615472 Sep 17 13:41 bind-utils-9.2.2-23.i386.rpm
ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/
Here's the directives I added to /etc/named.conf:
zone "com" { type delegation-only; };
zone "net" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "ws" { type delegation-only; };
For details on Apache 2 and PHP, see my webpage at http://dan.drydog.com/apache2php.html
SQL injection is, TF, inserting SQL code through HTML forms. This is done by adding close and open quotes and comments.
The SQL code added could do anything, if not otherwise restricted--such as dump or modify the database.