Re:Don't advertise version number on Hardening Apache · Score: 1
This would not stop skilled bad guys, but would slow down those kiddies playing around.
Not in the least. My logs show tons of IIS and ancient Apache exploit attempts. Kiddies just mindlessly launch every exploit they know against any server they can find and hope to get lucky.
"from hell's heart I stab at thee; for hate's sake I spit my last breath at thee" -Khan
You should at least mention Ahab or Herman Melville. This is from Ahab's last confrontation with the whale in Moby Dick: "Towards thee I roll, thou all-destroying but unconquering whale; to the last I grapple with thee; from hell's heart I stab at thee; for hate's sake I spit my last breath at thee. Sink all coffins and hearses to one common pool!... Thus, I give up the spear!"
Mods: yes, this is offtopic. Please ignore. I just wanted to set the record straight.
if they remove these things, then there *should* be alternatives!
There ARE alternatives. One is called libusb. However, this guy decided that he'd rather not port his driver to libusb because it somehow makes it a second-rate driver, and therefore makes him a second rate developer or something... Tell that to the SANE developers, who are moving all USB scanner drivers over to use libusb.
Phishing scams have no way to determine whether the password you enter is correct or incorrect.
You're wrong. The phisher's site can immediately attempt logging into the legit site with the stolen credentials, then return an appropriate response to your browser. To you, at worst, it would look like typical net lag. This is so trivial to do that some phishers must already be doing this.
In fact, they could just proxy your connection to the original site. This way, you would actually be using the legitimate site -- you could not tell any difference. It's just that all traffic would be passing through the phisher's computers too, and they could grab whatever information they wanted.
That whole perl -e 'print "something\n"' is a drag to remember. Call this command 'pell' (for Perl Tell or Perl Shell) and put it in your path (no idea why Slashdot is destroying the indenting).
It evaluates and prints its arguments (pell 1+2 is the same as perl -e 'print 1+2, "\n"'). Or, if you don't supply any arguments, it drops you into an interactive shell. Use "exit" to exit of course.
Writing proprietary software is every bit as immoral as working on the sabbath, smoking hash, and oral sex. In other words, certain closed-minded fanaticals get very worked up about it and try to bend everybody on the planet to their own personal belief system. Most people, thankfully, just live and let live.
Let's leave religion in the churches, hm?
Re:Dictionary shows GPL is less free (as in freedo on PHP Not Moving To The GPL · Score: 2, Insightful
This is one of the dumbest analogies ever put on Slashdot (and lord knows there have been some dumb ones).
Apparently the citizens in BSDland are actually asking that you commit violence against them (create closed source commercial products). Those masochists!! And GPLland is operating under the mistaken belief that source code is a God-given right.
Um, BSD is nothing like anarchy, and the GPL is nothing like western democracy. Try again.
Lest you get distracted again, this is the statement you're trying to disagree with: "Given two licenses the one with the fewer strings is the more free, i.e. GPL is the less free of the two." Good luck!
If you drive down my street, you'll find a number of open access points, including mine. Please come on by and use them. That's what they're there for.
You know, you can get your own cable modem for $25/mo and hack into all the systems you possibly can from the comfort of your own couch. Anonymity is easy enough. If you really do want to hide behind a wireless AP, you're going to drive to the local university and get many mbit/sec. I highly doubt you're going to park outside my house and use my tiny stream.
But if you do, I'll be watching you. I look forward to learning new tricks. Come on by!
I loved my ][e. The indestructible keyboard sure wasn't finger-friendly though. That's got to be the reason the guy in the video is typing so e x c r u c i a t i n g l y . s l o w l y . . .
There are three things that drive me nuts about X's clipboard:
- Select some text, go to middle-click-paste but discover that the destination already has text in it (this Ask Slashdot issue).
- The clipboard disappears when you quit the application. Try it: copy some text, quit the app that you copied it from, and then try to paste.
- You can only copy and paste plain text. Sure, it's theoretically possible to push alternate mime types up there too but that gets heavy really quick. I have yet to see a non-plain-text clipboard move correctly between two different Linux apps.
Gnome Clipboard Daemon tries to fix the second problem. I have no idea how to fix the third. And here's a proposed solution for the first problem:
Almost every text-entry box ever made has some sort of label or widget on its left identifying it (the URL bar has little "Go" or world icons, dialog boxes have "Labels: ", etc). Just adopt the convention that a middle-click on the text box's label replaces all the text in the box with the primary X selection. For example, middle clicking on the little world icon next to the left of the URL box would replace the URL with the current selection (but would not automatically go there, allowing you to edit it before hitting return). A middle click inside the textbox itself inserts text as it always has.
It's intuitive, consistent, finger-compatible and easy to implement, especially if the toolkits support it natively.
Excellent antialiasing, excellent fonts with good kerning, great drop shadows, lots of repetitive work assembled pretty much flawlessly... This chart gets an A+ for style (which is pretty rare in the non-Mac Unix world).
Does anybody know the tool Mark Lentcner used to make it? Illustrator? Could I be so bold as to hope that Sodipodi or Inkscape are now capable of something like this?
Anyone think of even one music video director who has gone on to make a successful full length feature? I can't.
(guidemaker): David Fincher? Michel Gondry?
(macthulu): Spike Jonze?
(me): Joseph 'McG' Nichol?
So, yes, there have been quite a few.
"...indelibly impressed on my mind like a hulk of a wrecked ship"?? Good lord, man, it's quite clear that you don't know much about good writing yourself.
It's easy to orbit the sun (heck, you're doing that right now), but it's pretty hard to actually hit it.
Let's say you're a satellite orbiting earth and you want to hit the earth's surface as soon as possible. What direction should you fire your thrusters? Assume current technology: you have relatively little thrust at your disposal.
Most people say, "fire the thrusters directly away from the earth!" This is actually wrong. It will make your orbit elliptical, but it would take a very long time to actually hit the earth. The best direction to fire is exactly against the direction of your forward motion, tangential to earth. Slow yourself down and let the earth's gravity take over.
The moon orbits the earth at 2300 MPH (1 km/s), but orbits the earth at 67,000 MPH (30 km/s). This should give some idea as to the difference in scale. There are more difficulties too, mostly because you're trying to boost yourself UP to the moon but DOWN to the sun.
Of course, you could also shoot yourself toward another planet and get a gravity assist toward the sun. That would take a lot less energy but a lot more time.
So you can use {TAG} instead of <% $TAG %>. True, that _is_ nicer, but I'm not sure it justifies a whole new language. Everything else you said (organizing the project as MVC, encapsulation, separate business logic, static templates) can be applied to PHP itself just as easily as it can be applied to any templating system.
What am I missing here?
PHP is ITSELF a templating language on PHP Template Engines? · Score: 2, Interesting
I have yet to see a PHP templating engine that can do more than PHP itself. Variables, tag substitution, subfiles, looping... It's all in there at extremely low overhead. You just have to use PHP the same way you'd use the templating engine (separate business logic and content, etc).
Can anybody explain what any of these templating engines gives you that can't be found in PHP natively?
Last I heard they were planning to use Wine to provide the GUI.Forms interface. Good luck is all I have to say. Seems like it would be better to make a Forms-to-Gtk (prefer) or Forms-to-Qt interface.
Microsoft clumsily exposed a lot of the Win32 API underneath the Forms API. Bindings must either reimplement significant portions of the Win32 API (good luck!), or call through and let Wine handle the messy bits.
Either way is sub-optimal, but at least using Wine is realistic!
I don't mean to imply that graying out is always bad. In trivial cases, as you observed, it's amazingly useful. This case, however, is definitely not trivial. Have you ever hunted all over a user interface trying to figure out why the hell a particular menu item is grayed out? I have. It's agonizing. Mac apps from the early 90s were notorious for this.
There have been some solutions in the past. Balloon help did a really good job of explaining WHY a particular menu item was grayed out. It's too bad it worked so poorly and looked so stupid. I've seen Microsoft apps put the info in the status bar when you hover over a menu item. This is good too. But, please, never gray something out if the reason is not immediately obvious.
Wizards aren't MS-specific. Heck, OSX uses them a lot. It's a way of taking the user by the hand and guiding him or her through a complex process. It's true that MS has given Wizards a bad name by using them all over the fricken place, but that doesn't mean they're all bad.
Here's how my proposed wizard would work. My apologies for the ugliness of the following. I made some really nice ascii art but the lameness filter rejected it.
1. Entry screen:
All local printers would be displayed. The first unconfigured local printers will be preselected. Clicking the Select Network button takes you to step 2, Next takes you to step 4.
2. Select Network Printer Type:
o Internet Printing Protocol
o Windows (SMB)
o Unix (LPD)
[Next]
3. Browse Network Printers
.--------------
| SMB or IPP browser
'---------------
| Editable Text Box to display/accept share name |
[next]
4. Configure selected printer...
(insert rest of wizard here).
I can't think of an easier or more capable way of solving this problem. If you can, I'd love to hear it.
I know this will sound trite, but look at Apple's Human Interface Guidelines for some very sound principles in UI design.
I was a Mac developer for 4 years... I can quote those guidelines backwards and forwards. I think I still have a copy in my garage. The problem is, they are definitely showing their age. As you noted, even Apple doesn't strictly adhere to them anymore. The world is a more complex place now.
ESR says, "Let's go back to the queue type selection screen. Remember that one? It looks like this: Locally connected, Networked CUPS (IPP), Networked Unix (LPD), Networked Windows (SMB), Networked Novell (NCP), Networked JetDirect". He then goes on to say that all of this should be autodetected and then the irrelevant options grayed out. According to him, each host would do a Christmas tree scan (!!) of the local network to see what printer types to prompt for.
First of all, he'd better stay the hell away from my network. I thank goodness that no other (non-script-kiddie) application on this planet performs unprompted scans like this. DHCP, of course, doesn't count. :)
Second, what if the printer is currently down? Or I'm configuring a machine to be installed offsite? I can think of any number of scenarios where I'd want to configure a network printer that isn't currently on the network.
A program should NEVER think that it's smarter than the user. What if CUPS doesn't detect "wvlan0" as a network interface? Well, it would gray out all the network printer options. But that's clearly wrong -- the user *knows* that the machine is networked. If CUPS allowed him to configure the network printer, everything would just work. Note that CUPS probably should put up a warning dialog "Warning: I could not detect a network -- do you want to continue," but it should not prevent or restrict anything.
ESR's solution relies on too much magic and will cause support nightmares. It is too system-dependent -- it might work on Red Hat, but it'll probably break on SuSE. Or an ARM-based machine. Or a token ring network. Etc. And when it breaks, the user will be surprised and have no other recourse than to consult the documentation.
Incidentally, graying something out is almost always wrong because it gives no indication as to why it's grayed out! You should let the user select it, then put up an informative dialog telling the user that what he's doing doesn't make sense, and what he or she might do to fix it. Always, always, always tell WHY.
Yes, the CUPS UI is flawed ("client-error-forbidden! client-error-forbidden!"), but ESR's proposal is even worse. It's a measly six-item menu! If Easy Software did try to implement it, after a ton of programmer time they'd have an interface that is more surprising, less informative, and more fragile. Not a step in the right direction.
The proper way to fix this unfriendly menu is to create a wizard. The first page would allow you to select a locally-connected printer or, if there are no unconfigured local printers, a network printer (possibly launching a Samba browser to help). Wizards are great for reducing perceived complexity without reducing functionality.
Creating a good user interface is hard. I think that ESR just proved this. :)
"10 gigabit ought to be enough for anybody."
-- Vilim
(is this a fair summary of your post?)
I think I speak for everybody here when I say, who cares??
For fun, add Term::Readline capability. :)
Will there ever be a .xxx tld? Seems like this would be a lot more useful...
I paid my $10.00 to download They Might Be Lost just before bed last night. It can download all night, then I have new music to listen to in the morning!
Except that they give you a page with 21 download links on it! That's right: click on the first track, click save. Click on the next track, wait for the save dialog to show up, click save. Click on the third track, wait a LONG time for the save dialog... It's insane.
But it gets worse. Each file wants to be named "tmbg_6134634563543_12.mp3" instead of, say, "12 - Reprehensible.mp3". I haven't managed to download any tracks yet so I don't know about the tagging but, given the file names, I don't expect much...
And, they give you only a six hour window in which to download everything! I was too tired to go through the hassle last night, so I went to bed. This morning, of course, I'm locked out.
You've got to be kidding me. I still buy my music because I believe artists should be paid for their hard work (buying CDs direct from the band in small venues is my favorite). But, let me tell you, file sharing is one hell of a lot easier to use than this site! At least I can download all the tracks at once, have it work overnight, and they're usually named something sensible.
Please contact me when I can click *one* link, then download properly named files. Anything else is just a waste of my time.
Good thing I paid by credit card...
That's not true anymore. I do gapless VBR all the time using LAME.
Note that your player must also support gapless playback. XMMS doesn't.
For those of you that don't know how ICANN operates, here is a transcript of one of their meetings. It's really eye opening.
There is just no easier way to flash a bios...
Sure there is. Easier than keeping ancient floppy drives around, anyway. Turn the floppy image into a bootable ISO.
First, set up the image (where boot.img is a pre-existing bootable floppy image):
mount boot.img /mnt -r -o loop
Then...
mkdir boot.iso.d
mv boot.img boot.iso.d
mkisofs -R -J -o boot.iso -b boot.img boot.iso.d
And burn the iso. I'm sure k3b would be easier than the command line but I can't get it to work under 2.6.3. The cdrecord command line would be something like: cdrecord -v -eject speed=16 dev=ATA:1,0,0 driveropts=burnfree boot622.iso
Boot, flash, and you're done. No floppies.