Slashdot Mirror


User: skunkeh

skunkeh's activity in the archive.

Stories: 0
Comments: 63

Comments · 63

  1. Actually... on Apache 1.3.24 released · · Score: 1
    This update doesn't actually include any security fixes (there's something I never thought I'd see ;) ) - most of the improvements concern mod_proxy. Here's the full list:
    • HTTP/1.1 support for mod_proxy.
    • Other mod_proxy improvements.
    • The supplied icons are now also distributed in PNG format
    • The new 'FileETag' directive to allow one to build the format of the ETag via runtime directives.
    • Addition of a 'filter callback' function to enable modules to intercept the output byte stream for dynamic page caching.
    There are a few platform specific fixes as well.
  2. Review on Freshmeat on The Practice of System and Network Administration · · Score: 3, Informative
    Freshmeat are carrying a review of this book as well:

    http://freshmeat.net/articles/view/338/

    It gets a resounding thumbs up over there as well - I'm a first year Computer Science degree student at the moment but I'm sorely tempted to get it anyway, it looks like this one isn't going to get outdated any time soon.

  3. Why you should use multiple passwords on Crappy Passwords Very Common · · Score: 2, Informative

    I used to get by on the net with just one password. It was very secure in that it was nice and random and not likely to appear in any cracker's dictionaries. I never really thought about security much... until a web based forum I was subscribed to was cracked. At the time I was an administrator on one of the largest online gaming forums in Europe (now sadly no longer with us), and another regular from those forums got hold of my password. Luckily he merely posted a few "hahaha I've got Skunk's password" posts and didn't do any damage, but the potential was there.

    Since that incident I've instituted a strict policy of having at least 4 different "main" passwords, each with a different security level. I look at any site I sign up for very carefully - does it look trustworthy? Do I trust the owner of the site (chances are my password will be stored in their database in plain text)? My "low level" passwords are used for unimportant sites while I save my "high level" ones for e-commerce and administrator functions.

    All this should have been obvious from the start, but then that's the benefit of hindsight :)

  4. This is a great argument against Passport on Crappy Passwords Very Common · · Score: 1
    This is why I'm scared of Passport - the majority of internet users can't be trusted not to use a ridiculously simple password. "But no one would ever want to hack my account anyway" they say - but Passport means that the ridiculously simple password they chose for their unimportant hotmail account will likely one day be the password they use to access their online banking...

    Passport forces you to have at least 8 characters in your password - in my opinion that actually makes it even LESS secure. Why? Because remembering an 8 letter password is much harder, so people are more likely to go with something easily memorable (and easy to social-engineer) or write it down somewhere. I have several highly secure, completely random 6 letter passwords but I was unable to use any of them for my hotmail account, so I ended up going for something pretty insecure.

  5. HTML? on On-line Learning Tools? · · Score: 1

    Is there anything wrong with HTML as a tool for e-learning? It's easy enough to set up a site with powerpoint slide style presentation (next and previous buttons) and once you post it on the web and get it indexed it can benefit people all over the world. You can always use server side scripts for added interactivity (although personally I've never found the interactive parts of multimedia learning tools any use other than as distracting eye candy).

  6. Tried the new google news search service yet? on Computers Summarize the News · · Score: 2, Interesting
    It's still in beta but it's already pretty impressive:

    http://news.google.com/

    It indexes a huge array of news sites several times a day for fresh stories - enter a search term and it will bring up all the headlines it can find for that subject. Best of all, it uses an algorithm to identify alternative coverage of any one story and lists these links in a block beneath the main search results. That way you get links to several different accounts of the same story (although in practice they end up being pretty similar due to using the same news agencies) without having to hunt around for them yourselves.

    They're still working on the algorithm and are requesting as much feedback as possible - read more here.

  7. My story (be polite) on University Network Policies and Punishment? · · Score: 3, Interesting

    I was banned from my University's network a couple of days ago after an e-mail incident - a large university announce-only mailing list had been accidentally left unmoderated and was being flooded with rubbish from all over the campus. I posted a message explaining what had happened (for the benefit of the users asking "Why am I getting so much mail!?") and suggesting everyone just wait it out until the list admins re-moderated the list.

    As you can imagine, I was pretty surprised when my room connection stopped working and I received an e-mail informing me that I had been banned for a week!

    After a short e-mail exchange with a network admin it became apparent that someone had sent an abusive message to the (now moderated) list using my name as their signature. The message had been picked up by a list moderator who suggested I was banned along with the other public abusers of the list. E-Mail headers were checked, my name was cleared and my connection was reinstated (the guy who pretended to be me could be facing a £250 fine though).

    The point of this rather uninteresting story? University network admins are reasonable people, but you have to approach them in the right way. I was painfully polite in every one of the e-mails I sent them, I explained my circumstances in detail and made sure to thank them for their time. Provided you put your case in a clear, concise and above all polite manner you should be fine. What you SHOULDN'T do is go demanding better treatment and quoting University rules left right and center - that won't help your cause in the slightest.

  8. Re:Portscanning? on Mapping The CIA Nonclassified Network · · Score: 0, Informative

    Read the article - they didn't portscan.

  9. googlewhacking on Google Juice · · Score: 2, Informative

    But google whacking DOES NOT affect your search results - the whole idea of google whacking is to find terms that don't occur on google and stick them on a web page (which removes them from the pool since once google indexes your page the terms will be in google's database). Because you are only dealing with a single occurrence of obscure terms this will have no effect on serious search results at all - unlike google bombing which can affect the order of results.

  10. Mozilla Plug on Netscape 6 is Spyware? · · Score: 1
    www.mozilla.org

    It's better than Netscape 6 (more up to date rendering engine and surprisingly stable considering it's still in beta) and there's no chance of any nasty behaviour on the behalf of the developers thanks to its open source nature.

  11. Raises the barrier to entry for web page creators on Macromedia Pushes Flash For All Things Web · · Score: 3, Insightful
    Anyone remember when the great premise of the internet used to be equality? Anyone with a text editor and a net connection could stick up their own site, leading to a golden era of communications and freedom of information.

    If you have to shell out $499 for the tools to create web content this equality is gone. The division between those who can and those who cannot is back (no doubt protected by some archaic law such as the DMCA) and once again information is controlled by those who can afford to disseminate it.

    Any new "standard" for web applications should be an open standard. I know Macromedia published the specifications for swf but they are hardly obliged to continue to do this with Flash MX. If the net needs a revolution in web application interfaces we should be looking to open standards such as SVG (for presentation) and XForms, not closed standards that are controlled by a single commercial entity.

  12. who'd have thought it on The Futility of Censorship · · Score: 5, Funny
    I found this quite amusing. One of the cases detailed in The File Room describes how Brown University closed down a site hosted there called "The Bondage, Domination, Submission, Sadism, & Masochism Web Page". The University computer support staff deemed the content inappropriate:

    http://www.thefileroom.org/FileRoom/documents/dyn/DisplayCase.cfm?id=297

    I did a google search out of interest to see if the site ever found a new home. I didn't find the site, but I did find out what became of the intrepid creator of the site, Daniel C. Robbins:

    http://research.microsoft.com/~dcr/

    Yup, he appears to be working at Microsoft as a 3D User Interface Designer. Strangely enough the BDSM site is noticeably absent from his online CV ;)

  13. clueless journalists strike again on Fighting Spam With A 17th Century Law · · Score: 1
    Last week, The Sun-Herald opened a free Hotmail address giving a character profile as a 14-year-old Sydney girl, Amanda.

    Within days, an invitation arrived from a porn distributor in the US State of Illinois for Amanda to audition for a porn film.

    "All shapes, sizes, sexual preferences and fetishes welcome," the e-mail read.

    The senders offered to pay up to $1,000 for amateur porn tapes and, for a $25 fee, would put Amanda in touch with a porn movie director.

    They said they wanted people only 18 and older, but that did not stop them from sending the e-mail to a 14-year-old girl.

    Because spammers obviously check out your personal profile before mailing you.
  14. Surely a reason NOT to buy CDs? on BMG Backs Down Over Copy-Protected CD · · Score: 1

    It looks to me like the record companies are shooting themselves in the foot. If word spreads that CDs are being crippled in this way surely it will discourage people from buying CDs in the first place? Why spend money on something that has been crippled when you could just download the album from a file share somewhere...

  15. Ridiculous argument about non English speakers on WIPO Awards 'Sucks' Domain to Vivendi · · Score: 1
    As already mentioned, the Respondents did have prior knowledge of the VIVENDI UNIVERSAL mark and they deliberately chose to register a domain name which incorporated that mark in its entirety. In so doing, they might have thought that the word "sucks" would serve to distinguish the disputed domain name from the mark. However, in this regard they were mistaken, at least so far as non-English speakers are concerned, and they must bear the consequences of the risk they took.
    That's a great argument(!) - So if I was to register www.this-site-has-nothing-to-do-with-vivendi-universal.com it could still be judged as confusing because non-English speakers may not understand?

    Laughable.
  16. Check out Grim Fandango on Are Videogames Art? · · Score: 1
    Grim Fandango is the nearest I've seen any video game come to being an "art form" - the visuals, the plot, the voice acting in particular are all verging on perfection. If you haven't played it it's a classic LucasArts adventure game (in the same vein as the Monkey Island games) set in the Mexican Land of the Dead, where you play "Manny Calavera", a civil servant caught up in an intriguing web of crime and corruption... the style of the game is completely unique, and it creates a fascinating world with its own set of rules completely detached from reality but at the same time utterly believable.



    Well, I liked it anyway :)

  17. This is an incredibly common problem on Security Hole Lets Lycos Run Arbitrary JavaScript · · Score: 5

    This one's been around for years, and is present on literally millions of sites. I read somewhere certain both AltaVista and Amazon have both suffered from this in the past. Here's how it works:

    You have some kind of form input, with the next page displaying whatever the user typed into that form field (for a search engine this would be in the form of "You searched for..."). The golden rule of web development is NEVER TRUST input from your users. Most developers go to great lengths to check anything that's going into a file or database, or especially code that will be executed on the command line.

    However, if you're just going to display something to the user that typed it why bother checking the content? Surely only the user who typed the thing is going to see it again, and it's not like they're going to be able to affect any of your systems?

    Therein lies the problem. If you allow a user to type anything into a form and then have it re-displayed, they can include HTML tags. And if they can include HTML tags, they can include <script> tags. And script tags can do weird stuff.

    Still think it's not a problem thanks to the fact that only the user will see it? Think again - seeing as most applications like search engines use GET to pass parameters, you can fill in the form for the user by offering them a link to click:

    http://yoursite.com/search?<b>Oooh+Bold+Text </b><script>alert('Ew ww nasty popup')</script>

    All of a sudden you can cause your weird popup messages to appear on someone else's site.

    The biggest security problem is the fact that javascript can access cookies. Imagine sending someone to a website via a link containing javascript that reads their username/password cookie for that site then pops up a window feeding that username/password to a script page on your server (in the query string) - BANG, you've got their password.

    How do you stop this happening? Simple - deactivate HTML tags from user input by replacing < with &lt; and > with &gt; - problem solved :)
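
The output escaping described in the comment above, as an added example that is not part of the original comment. It goes one step further than replacing < and > by also encoding & and quote characters, so the echoed term stays inert inside a quoted attribute as well as in element content. The sample URL, the `q` parameter name and the function names are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample request URL, modelled on the link in the comment above.
SAMPLE_URL = ("http://yoursite.example/search?q=%3Cb%3EOooh+Bold+Text%3C%2Fb%3E"
              "%3Cscript%3Ealert(%27popup%27)%3C%2Fscript%3E")


def query_term(url: str) -> str:
    """Return the decoded 'q' parameter (hypothetical parameter name)."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(term: str) -> str:
    """The 'before': the search term is echoed into the page verbatim."""
    return f"<p>You searched for {term}</p>"


def escape_angle_only(term: str) -> str:
    """The replacement described in the comment: < and > only."""
    return term.replace("<", "&lt;").replace(">", "&gt;")


def render_safe(term: str) -> str:
    """Echo the term in element content and in a quoted attribute value.

    html.escape() also encodes & and both quote characters, so the same
    escaped string cannot close the value="..." attribute it sits in.
    """
    safe = html.escape(term, quote=True)
    return (f"<p>You searched for {safe}</p>"
            f'<input name="q" value="{safe}">')


if __name__ == "__main__":
    term = query_term(SAMPLE_URL)
    print(render_unsafe(term))   # markup from the URL reaches the page as-is
    print(render_safe(term))     # the same input rendered as plain text
    # A quote character survives the angle-bracket-only replacement:
    print(escape_angle_only('say "hi"'))
```
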

  18. Possible problem? on Adobe Backs Down · · Score: 1

    Great news that Adobe are backing down - but several places have been touting this case as the possible "straw that breaks the camel's back" with regards to the DMCA. Can we still use this to undermine the act or are we back to square one?

  19. Hmmm... on Microsoft EULA stokes crusade · · Score: 1

    I think this basically boils down to another attempt by Microsoft to get the term "Viral Software" accepted by as many people as possible - if you repeat something a thousand times someone is bound to believe it eventually.

  20. Google Merchandise! on Interview With Google's Director of Research · · Score: 1
    What could be more fun than your very own Google brand lava lamp?

    www.googlestore.com

  21. Python python python python python! on Java as a CS Introductory Language? · · Score: 1
    Reading through the comments on this topic the language that appears to get the most "mentions" as an ideal OOP teaching language is Python, and with good reason. Python is a superbly crafted scripting language, with completely straightforward (but powerful) syntax. After personally struggling with Perl on and off for a year (I know the syntax but it just doesn't "gel") I picked up enough Python to do useful stuff with it in less than two weeks.

    Python is completely object orientated (like Java) but unlike java it doesn't force you to use objects. Hello world in Python looks like this:

    print "Hello world!"

    Although in python everything is an object (even class definitions are stored internally as "class objects") you don't need to know that, or even know OOP, in order to write a python script - you can just write procedural code instead.

    Python is completely cross platform compatible, open source, fast, has a growing number of real world applications (Zope is just the beginning) and can even be used to write Java via jpython (www.jpython.org). It's got an interactive interpreter which is great for complete beginners to programming to try stuff out, and although it's easy to get started it has some fantastic advanced features as well (like the way you can use dir() and similar functions to get complete access to python's inner workings - what names it has defined, what objects have been created, what it had for dinner...)

    Finally, it was named after Monty Python's Flying Circus and has a healthy sense of humour to boot - what better way to get students interested in programming?

  22. Re:Particular languages don't matter much on Java as a CS Introductory Language? · · Score: 1

    The non-existent language you speak of sounds an awful lot like python :) www.python.org

  23. Re:seg folt on Freenet's First Employee · · Score: 1

    Not in a million years...

  24. Re:Scientology on Scientology Critic Flees U.S. Over Usenet Posts, Pickets · · Score: 1
    Uh-oh. Looks like /. has attracted the attention of a Scientologist. Will the nefarious Scientology legal team follow? Let's hope so. I'd be DAMN interested in watching that combat play itself out.
    The sad thing is that /. would almost certainly lose. Only a few months ago the CoS was the first organisation in /.'s history to force them to remove a comment posted on the site. /. may be one hell of a website but at the end of the day it can't hope to stand against the legal might of the CoS.

    Which totally sucks >:o(

  25. Re:Security through obscurity? on Asus Request Feedback on "Cheat" Drivers · · Score: 1

    But how do you tell if someone is using a see through walls cheat? A colleague at work is an extremely good CS player. I've watched him playing on cs_assault (the map with the big grey warehouse). He gets a ridiculous amount of kills by shooting people through walls. Is he cheating? No, I know he isn't because I can watch his screen. He simply knows the map extremely well. He knows where people are likely to be hiding, and fires a few bullets through walls at those points. If he hears the tell tale sound of bullets hitting a body he unloads the rest of his clip and racks up another kill. He's not cheating, he's just very skillful. Unfortunately most of the time he is branded a cheat by people on the server, who then demand that he is banned (not realising he's the head admin for all 40+ of our Counter-Strike servers).