so will the online ones when some free alternative gets good enough.
they already have
I've no doubt America has its fair share of hard working folks, and its share of lazy ones too.
However, also remember that you hold a large percentage of the worlds wealth (in those 'Corporations'), consume huge amounts of oils, are the worlds largest polluter and hold various other unfortunate records. So please don't cry about your cost of living. Most of the rest of the world has it tougher than you.
For what it's worth, i'm Australian and share the same guilt and shame that a lot of Americans seem to about how we treat ourselves, our indigenous people, our environment, and the rest of the world (www.sorryeverybody.com).
"A source control system should enforce immutability of older revisions. Only administrators should have any delete powers at all to clean up, and the idea of modification of committed revisions should be right out! I expect the server to enforce this."
Agreed. However, reading the subversion users mailing list (search for "obliterate"), there appear to be situations where some folks find it necessary to alter committed revisions due to storage requirements.
Can't say I find it a good idea, but some do.
And hopefully your dimitted ass will next time understand that he said "We can" rather than "We will" or "We have to"
I wish the parent poster good luck, I work in the health sector in government in Oz and I hate our my (our) tax dollars going to M$ (convicted monopolist and pirate) when they could be better used elsewhere.
With quality cross-platform technologies (Mono,OpenOffice,Firefox,Thunderbird) there is a real chance now that we can break the M$ stranglehold, it will take another 10 years, but 5 years ago I could never have seen it happen...at least now there is hope.
that depends on how hot your cousin is...
"Allow in ' and some others, and you're inviting SQL injection attacks. Allow in left angle bracket and some others, and you're inviting cross-site scripting."
No you're not...anything sensitive leaving the client over the wire should be over HTTPS or hashed on the client and sanitised on the server.
Here's how I do logins....flame on!
Client login process involves 2 trips from client to server. The first trip authenticates the user(name), and if successful returns a random string back to the client, which is then combined with the passphrase and sent to the server to verify a match. The actual password is never sent over the wire, even in an encrypted form. There is also a limit to the number of access attempts any one client can make in a single session before being blocked, normally around 3 to 5 attempts. An administrator should be notified if there are repeated access failures.
1. Client
- User enters user-name (USER) and pass-phrase (PASS)
- USER# = md5( USER )
- Send USER# to Server
2. Server
- Strike 3? You're out!
- USER# = md5( md5( KEY ) + USER# )
- Search for USER# in database
- FOUND = RECORDCOUNT == 1 && USER# == dbUSER
- FOUND? Y: Create random string. RAND# = md5( mt_rand() ), save in local storage along with USER#, then send RAND# to Client
- FOUND? N: Strike 1..2..3...You're out (strikes based on session)
3. Client
- Concatenate random string from server, hash with password
- PASS# = md5( md5( PASS ) + RAND# )
- Send PASS# to Server
4. Server
- Retrieve USER# and RAND# from local storage
- Retrieve password hash from database (dbPASS = md5( PASS )) using USER# and compare
- MATCH = PASS# == md5( dbPASS + RAND# )
- MATCH? Y: Access granted, return access level
- MATCH? N: Strike 1...2...3? You're out!
Note
Currently we are using Message Digest 5 (MD5) to calculate the hashed result, however this may change in the future to SHA1 (or stronger) if MD5 is found to be too weak.
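The two-trip login above, modelled end to end as an added example (this is not the poster's code): both trips, the keyed USER# lookup, the per-session RAND# challenge and the three-strike lockout. The server KEY, the user record, the session ids, the one-shot use of each challenge and the constant-time comparison are assumptions of this example, not things the post specifies. Two properties worth seeing in the running code: the passphrase itself never leaves the client, and a challenge bound to one session stops a captured PASS# from being replayed. The flip side is equally visible: the stored md5( PASS ) is exactly what is needed to compute a valid PASS#, so the database contents are password-equivalent under this scheme, which is why it complements HTTPS rather than replacing it.

```python
# Added example: a self-contained model of the post's two-trip challenge-response
# login (md5 challenge, strikes per session). Not the poster's code; the server
# KEY, user record, one-shot challenge and constant-time compare are assumptions.
import hashlib
import hmac
import secrets
from typing import Dict, Optional

MAX_STRIKES = 3                      # "Strike 1..2..3... you're out"
SERVER_KEY = "example-server-key"    # constructed stand-in for the post's KEY


def md5hex(s: str) -> str:
    """md5 of a string as a hex digest, i.e. the post's md5( ... )."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()


class Server:
    def __init__(self, users: Dict[str, str]) -> None:
        # The lookup key is USER# = md5( md5( KEY ) + md5( USER ) ) (step 2);
        # the stored credential is dbPASS = md5( PASS ), never the passphrase.
        self.db: Dict[str, str] = {
            self._keyed(md5hex(u)): md5hex(p) for u, p in users.items()
        }
        self.sessions: Dict[str, dict] = {}

    @staticmethod
    def _keyed(user_hash: str) -> str:
        return md5hex(md5hex(SERVER_KEY) + user_hash)

    def _session(self, sid: str) -> dict:
        return self.sessions.setdefault(sid, {"strikes": 0, "user": None, "rand": None})

    def locked(self, sid: str) -> bool:
        """True once this session has used up its strikes."""
        return self._session(sid)["strikes"] >= MAX_STRIKES

    def step1(self, sid: str, user_hash: str) -> Optional[str]:
        """Trip 1: look up md5(USER); return RAND# on success, None on failure."""
        s = self._session(sid)
        if self.locked(sid):
            return None
        key = self._keyed(user_hash)
        if key not in self.db:
            s["strikes"] += 1                     # unknown user counts as a strike
            return None
        rand = md5hex(secrets.token_hex(16))      # RAND# = md5( random )
        s["user"], s["rand"] = key, rand          # kept with USER# for trip 2
        return rand

    def step2(self, sid: str, pass_hash: str) -> bool:
        """Trip 2: PASS# must equal md5( dbPASS + RAND# ) for this session."""
        s = self._session(sid)
        if self.locked(sid) or s["rand"] is None:
            return False
        expected = md5hex(self.db[s["user"]] + s["rand"])
        s["rand"] = None                          # assumption: each challenge is one-shot
        if hmac.compare_digest(expected, pass_hash):
            return True
        s["strikes"] += 1
        return False


def client_login(server: Server, sid: str, user: str, passphrase: str) -> bool:
    """Client side: trip 1 sends md5(USER); trip 2 sends md5( md5(PASS) + RAND# )."""
    rand = server.step1(sid, md5hex(user))
    if rand is None:
        return False
    return server.step2(sid, md5hex(md5hex(passphrase) + rand))


if __name__ == "__main__":
    srv = Server({"alice": "correct horse"})     # constructed user record
    print(client_login(srv, "s1", "alice", "correct horse"))   # True
    for _ in range(MAX_STRIKES):
        client_login(srv, "s1", "alice", "wrong")
    print(srv.locked("s1"))                                      # True
```

Run it with a wrong passphrase three times and the session locks; run the same trip-2 message twice and the second attempt fails because the challenge was consumed. Swapping md5hex for a SHA-2 digest is a one-line change, which is the migration path the post's note leaves open.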
Ha! I develop on WinXP SP1 and SuSE 9.2 (dual boot).
I have all the same services starting up (Apache, Firebird, Firewall, etc) on both boxes. I do have a bit of stuff started, but since I develop cross-platform apps and use both operating systems (slowly weaning myself off windows), the tools are pretty much the same.
WinXP takes ~5 minutes to load everything up.
Linux takes ~2 minutes to load everything up.
When I installed SuSE Linux, it took around 1.5 minutes to boot; granted it hasn't been alive as long as Windows, but the startup time hasn't increased as much as Windows' has.
If I reinstalled Windows it would boot faster, but give it a few months and it would be crud again.
The weaning process is going well though, the best thing I've discovered is using Thunderbird for email with the mailbox stored on a FAT32 partition (so both O/S's can read it), that way you can swap from one O/S to the other and not worry about losing mail. Add Firefox's Synchronise Bookmarks extension (access from ftp, http(s)), and Calendar extension (access from WebDAV) to the mixture and one can quite nicely exist in both environments...
Try XLink Kai then. I can't (won't and don't want to) use XBox Live, but I've been having an absolute hoot playing Halo2 through Kai...much to the detriment of my real work :)
The latest Linux version of Kaid is usable, as is the Java UI (haven't tried the ncurses UI yet) and XMBC integration. They're all actively supported and getting better with each release.
-=> Hate to break the news to you Eclipse is not that good.
Stop trolling knee jerker, give us some details as to why Eclipse blows.
I think Eclipse is great, it has allowed me to move from Windows to Linux whilst still developing. I use Eclipse for PHP, Actionscript, HTML & CSS, Ant tasks (build and deploy), Docbook markup (using OxygenXML plugin). Plus the integration of CVS and SVN version control is good and 3.0.1 crashes very rarely in both Windows and Linux environments.
But, I guess it is always easier to criticise without backing up your claims.
-=> Arch is all of the above.. EXCEPT
Cross-platform.
-=> it is a bloated toy (using Berkeley DB for versioned tree storage is just the most bizarre decision)
BDB is optional in svn 1.1
http://subversion.tigris.org/svn_1.1_releasenotes.html
Having been bitten by the non-atomic nature of CVS, I'm very pleased to be using SVN when I can. I'd recommend it to anyone who is willing to use a version control tool and absorb its associated documentation. svnbook.red-bean.com is superb!
Personally, I don't get Tom Lord's whinging about SVN administration. I introduced SVN to our team and have set up 35 repositories, there has been _ZERO_ administration time spent on those repositories (even in a windows environment!)
Sounds like he's just jealous of SVN's success, and if it's just a toy, then you'd better tell the Apache developers to stop playing ;-)
-=> and it ruins the best test we have to screen for infection - the ppd (TB skin test)
Bzzzt...WRONG!
Thanks to a new Australian company, there is an improved test now being marketed globally:
http://www.cellestis.com/
I believe their focus in the US is on your prisons and military forces.
Actually, #2 looks like it's fixed, I'm on 1.0PR and /. has rendered fine...it wasn't (occasionally) on 0.9.3 and lower.
-=> Microsoft would have nothing to lose
Actually they might, hackers would probably have a field day finding new exploits and all those who aren't on the upgrade gravy train would be put further at risk than they already are (just ask CERT:)
-=> easy filter setup
Keh? Thunderbird's filtering is simple to setup, and extremely powerful. How could they make it any easier?
peace
si
I dislike proprietary standards (like
Have you read the Mono FAQ?
That's keeping me interested...and yes, let us hope Novell has lost its golden touch
peace
si
I'll take Filezilla over SmartFTP any day.
BeyondCompare is great, as is TortoiseSVN and/or TortoiseCVS if you're a code monkey.
Fourth, the configuration of the web server needs to be such that PHP code is properly protected, with .htaccess restrictions in code lib directories and careful consideration over other virtualhosts that might have php disabled in a higher-level directory.
Why not go even further? The only php scripts I place under document root (public_html) are those which have no database access or call other scripts which are tucked away from the public eye.
Using the php_include directive makes this easy.
peace
si
ps. I'd welcome any feedback from security experts (white or black, it's all good) about an open source tool I've written in PHP and Flash Actionscript. It's a database abstraction and automation layer - flashPash.sshnug.com - and since it typically stores database table and field metadata on the client side (and is therefore world readable), security was something I spent a fair bit of time being paranoid about.
Agreed, I'm no network engineer, but after having just set up my first home wireless (11g) network, I found my 11g card LEDs to be constantly flickering, fired up Ethereal and 2 minutes later I had a dump of the traffic (which turned out to be XML SOAP envelopes) and a much better idea of who to ask and what to report on.
Great software!
Ahhh but if you have a scripted language like PHP, those extra lines of code also soak up time to read and interpret. :)
The single line example was cleaner (IMO) but also less extensible.
Eeeesh, you'd think I'd have better things to write about on a Monday morning
/anal mode/
$access = ( $partner == 'google' || $partner == 'slashdot' );
-=> ActionScript, like JavaScript, is still a scripting language, meaning it is executed in an interpreter at runtime
For real? I thought ActionScript compiled to Shockwave bytecode, and the plugin/projector then plays this on whatever O/S or browser you're on? :)
Maybe MING falls into this category for server-side SWF creation but I'm not sure about everything else...
flame on
peace
si
-=> but won't consent to the heimlich
Fair enough, I wouldn't either! :)
I've done several first aid courses and each one the instructor said *NOT* to perform the heimlich, as it's too dangerous.
Best bet (if my memory serves me) was to give the choking victim 2-3 _hard_ slaps in the middle of their back whilst they were slightly bent over (as in their hands were touching a chair).
If that doesn't work, place in the recovery position, ensure the tongue and airway are as clear as possible, and perform downward lateral thrusts on the side of the ribcage.
Disclaimer: I am not a doctor or paramedic, usual DR.ABC pre-checks...
Okay, flame paranoia led to some digging:
http://www.stjohn.org.au/efa_pdf/choking_adult.pdf
I was pretty close!
peace
si
Perhaps you're stuck in the same mindset as those who just produce promos and annoying ads with Flash. Time to get into the 21st century. :D
With its browser and platform neutrality, in-built XML support, vector scaling and a decent language, it makes for a great client-side framework (and presentation layer) for `real` applications.
I know cause I'm building a large app now using Flash MX as the front end. We're most of the way through, it's working, and there is just no way any other technology currently out there (or in the foreseeable future) can touch Flash in the open market.
HTML, DHTML, CSS, JS, etc all feel like doing one gigantic kludge when building `real` web-based apps; at least with Flash we can have a class hierarchy, proper objects and reusable, extensible components.
It's not perfect by a long shot, the IDE is still flakey and I work mostly from a text editor and just use the IDE to compile...But IMHO it's the best out there...SVG isn't close.
FWIW, the client-side part of our app is ~350KB total, with all libraries and forms included. We have dozens of forms (with 100's of nested submovies), each of these has multiple datagrids and other UI components. The functionality we get is not reproducible using conventional web tools.
Thanks to vector scaling and the multitude of players, our app can run at 1024x768->1600x1200 (or higher) on most browsers for a Mac, Linux or Win box with no code changes!
Personally I'm stoked about the WINE news, since Flash MX is the last windows-centric application that is keeping me on WinXP...I've been using Firebird/Firefox and Thunderbird waiting for the day and should now be fully weaned onto Linux.
peace
si
p.s. I don't mind all you code monkeys thinking Flash sucks, those of us who don't can continue on making a nice (open source) business out of it, I know this code monkey has!
Hey! Don't laugh, it's not funny, I have to support a SCO box which is used as part of our interface engine.
Needless to say it's the slowest/crashiest bucket of shit we have and whenever something goes wrong, it's the first place we look...most of our tech ops hate even touching the console.
Fortunately, the hard drive died today (a good omen methinks:) so we can finally replace it...Wooohoo!
peace
si
You don't have to be unemployed to do this, just willing to forgo some sleep
My advice: You don't need lots of cash, just lots of motivation, so find your niche, see what's already out there, and if you think you can do better, GO FOR IT!