When I read Ringworld, I wondered why you wouldn't build something that combined both a ringworld and a Dyson sphere. Let's say the ringworld followed Niven's dimensions. At 1 million miles wide, it only occupies about 1% of the 'latitude' of the orbital sphere. All the solar energy directed elsewhere is wasted.
It seems it would be good to build a smaller sphere that can collect this energy. If you built it at an inner orbit (like Mercury's orbital distance) you wouldn't need as much material. You would leave out a section of the middle that corresponds to the location of the 'ring plane' to allow the energy there to make its way to the ring. Both halves of the sphere could still be connected, but instead of solid sphere, it would be alternating solid/empty to provide the function of the shadow squares. You may want to perforate it in other areas as well to allow solar pressure to escape.
Exactly what materials you'd use, I don't know... but if you have the resources to build the ringworld to begin with, this shouldn't be a stretch.
It doesn't need to be comparable to the functionality difference between Paint and Gimp. It only needs to be comparable to the task of installing Gimp on Windows.
He was just making the statement that Ubuntu has a better *default* image editor. If you're (an average user) on Windows and want something better than Paint, it's not that hard to do... be it Gimp, or Paint.NET, or likely whatever comes with your shiny new digital camera.
First to file is the method in use in countries outside of the US. It doesn't mean that prior art is irrelevant. It simply means that if a patent application comes in that is valid (new, non-obvious) it is granted to the party that submitted the application first. This is unlike the US where I could file my application a month AFTER you, but if my lab notebooks show I was working on the invention before you were working on it (even though we knew nothing of each other) I would be awarded the patent.
Prior art still comes into play in the initial evaluation of the patent. It can also be used to challenge a previously awarded patent. Going to first to file would just put the US in line with the method used by the USPTO (and just about everywhere - if not everywhere - else in the world.)
The only problem you would face is the typical Slashdot view that disclosures don't matter, as the patent examiners will "rubber stamp" anything they get - but part of that depends on how you publish your disclosure. If you put it on your own website, it is unlikely to be seen. If you publish with one of the high visibility journals - you're more likely to be seen.
(Full disclosure: I used to work for IP.com which does this sort of thing. So I've had a fair amount of exposure to the workings of patents and disclosures.)
In addition to the issue the sibling message points out, gmail's POP3 access won't allow you to retrieve the stuff flagged as spam. That means that unless you completely trust them to never flag something incorrectly, you will need to use the web-based interface occasionally to go through those messages. (Overall, not a horrible thing to do, but could be a deal-breaker for some.)
I do wish every Windows box natively understood WPA and WPA2. My GF has "Win2k professional" on her laptop and she can't connect to my private WiFi network using WPA2, she has to use the good ol' RJ45 cable instead
The WPA client software is part of their Wireless Software Security suite, but you can opt out of the pay service during install and just use the WPA connection software. I use it on an old w98 laptop to connect to WPA-encrypted networks just fine.
I'm not sure if it is restricted only to the *.ani extension either. From some of the things I've read, it seems IE might be happy with alternate extensions (like ico or cur). I'm not sure if these are served using a specific MIME type - some things seem to just serve it as plain binary data (application/octet-stream) but I'm not sure if that's the 'correct' MIME mapping.
To address your other point, even if the object is called by obfuscated CSS inside of JS, it shouldn't be a problem. I'm not talking about removing the call to the cursor from the source document's HTML. I'm talking about blocking responses to HTTP requests that return that type. Even if the source was obfuscated, the actual HTTP request/response is scrubbable.
The problems I can see are if:
1) IE doesn't use extension or mime-type, but instead examines the binary data - as then there's no good way to block it.
2) You're loading one of these from an HTTPS site, since the proxy wouldn't know what you're requesting.
If you run a proxy, it seems you could block them at the proxy level.
This isn't likely to help home users, as it's likely the types of people who are capable of running their own proxy are also not the type to be using IE as their browser. But this might at least help in a corporate environment where all traffic is already going through a proxy.
It seems like it would make sense for the manufacturers to make sure the systems supported Linux, if for no other reason than troubleshooting.
If you want to track down a problem on an installed OS, there's always the possibility that the user has done something/installed something that is causing the problem. If they shipped the system with a pre-built live CD (that was known to work with the system components) - when a user called tech support, they could have the user reboot with the live CD. If the problem persists: hardware problem. If the problem goes away: software/user configuration problem.
It seems that would be a quicker way to get through the first cut. If it's a software problem, you can then offer to elevate them to the "paid" support to help them through the problem. Otherwise, you can issue the RMA without having to spend the time required to walk the person through the steps of reinstalling drivers and what else.
The release name is just a name. It will have a version number when it ships (as Ubuntu's version numbers are the release date).
If you actually go to the Ubuntu site, you'll see they list the current version as "6.10" and not as "Edgy Eft".
The release name allows them to have a name by which to refer to the release that is independent of the release date. That way if the release date had to slip, it wouldn't mean that you are no longer working on version Y.MM but instead Y.MM+1
It's because these are exploits that can be done transparently using nothing more than a carefully crafted hyperlink.
Let's say a malicious blogger posts a story about candidate X. He links to a page on candidate X's site that has one of these vulnerabilities. But instead of just creating a normal link, he links in a way that passes some exploit code into the page that alters its behaviour or content. Maybe changing some page content, or injecting Javascript code that sends your cookies for that site to a handler on his blog so that he can collect login information.
To Joe web user, he doesn't know anything is going on. His browser is reporting he is on the authentic Candidate X website (even if it was SSL) but is completely unaware that the content has been altered by a 3rd party, or that his login information is going to get sent to site Y instead of the typical login form handler, etc.
It's not about smart users messing with the page for their OWN amusement, it's about being able to mess with someone else's page with nothing more than a hyperlink (in such a way that doesn't require "hacking" into an account on the local server). Now do you get it?
As of right now (at least with the free version) the integration of calendar and mail is lightweight. You can send invitations from your calendar, but if you receive ical (*.ics) attachments from others, they just appear as attachments and don't have any quick way of getting the info into your calendar. You have to save the attachment, then go into calendar and do an import, but I haven't had that always work - especially with something like a cancellation.
If he posted the commercials, would they still care?
Likely, yes they would. Commercial time is valued based on the audience size (and demographic). The commercials were already sold based on the (projected) television viewership. Just because more people will now watch online doesn't mean they can go back to the advertisers and ask them for more money.
The problem is that a lot of people won't go to see something unless it's *new*.
There can be a lot of great stories out there, but unless it is sitting in the New Releases section of the video store, or is playing at the local multiplex, they're just never going to see it.
It's unfortunate, because there's a lot of great stories out there that people just turn themselves off from because they're old, or in black and white, or have outdated special effects. How many people have actually seen Citizen Kane? But if it were re-released with (insert popular actor here) tomorrow, you'd have people going to it who would never even think to watch it otherwise.
In addition to the new factor, when the studios re-release a movie - they get lots of money from people who go to it just to complain about how it isn't as good as the original. Buying those tickets really shows them, now, doesn't it?
Won't work. The same 'novices' who leave gaping SQL injection holes will now be writing pages that need to access the file system. Now instead of accessing the DB, script kiddies will be traversing the filesystem. Yes, this can be mitigated through file permissions, but there are a lot of servers out there (set up by these same novices) where processes run as root and would have full access to read and write files. So, a bad script could allow them to write to /etc/passwd and have all sorts of fun.
Visible light is just another part of the electromagnetic spectrum, but you can easily create a human doorway to another room that keeps light out, even when in use.
The two types I've seen in photo darkrooms are:
1) The light baffle. The entry doorway is just an 'S-shaped' hallway that requires you to turn a couple of times to pass through. There doesn't need to be any door to open/close, but as long as it isn't lined with a material reflective to what you are trying to keep out, you're ok. Look under your sink at the drain catch for the idea. The nice thing about this style door (for darkrooms, etc) is that you never need to worry about having to mess with any door mechanism in the dark. It's completely open to wander in and out (for people, air circulation, etc.)
2) The revolving door. There is never an open conduit from the outside to the inside at any time. The opening closes off from the external environment completely before reaching the point where it opens to the internal environment.
They already have surgically implantable RFID chips. Vets implant them all the time. The same could be used for humans, but the reasons for doing so aren't as benign as with pets.
My concern would be (not yet having read the FA... yeah, I know this is /.) how well the chips can be detected on/in metal equipment. The chips lose their ability to communicate in a short distance and metal seems to really cut down the ability to detect them at all.
I kind of had my heart set on: Core 2: Electric Boogaloo
IP.com - Defensive publication on Public Patents? · Score: 2, Interesting
Your search suggestion turns up an interesting article mentioning companies like IP.com, but I bet they don't offer their services for smiles and sunshine either.
I think the real trouble is ensuring that a publication meets legal requirements to be considered 'prior art', most of which have to do with making sure that the source of the publication is authentic and that the date of publication is verifiable. Meeting either of those requirements probably cannot sidestep the need for notarizing the documents which, again sadly, costs money.
I happen to know the IP.com gang (used to be one myself) and can tell you that there is more to making sure the stuff is available than just slapping it on a server somewhere. Documents published with them get digital notarizations (to allow you to prove times of availability), are made searchable, documents are collected in such a way to allow the collection of metadata (as many companies have rigid publishing formats for patents, but not disclosures) to help searchability. In addition the data is made available to patent offices, and they publish a printed journal containing the disclosure info (and optionally the full disclosure).
Do you have to go to these lengths to do something yourself? No. Does it increase the chances that your disclosure will be seen by a patent examiner? Yes.
Do people really think patent examiners have the time to go wading through every obscure website to find non-patent prior art? The fact that companies like IP.com and Research Disclosure (another defensive publishing company) have consolidated, high value collections makes them worthwhile to search. In addition, the inclusion of high-profile disclosures (like those from companies like IBM) makes these sources far more attractive to a patent examiner than Joe Nobody's blog that might have a good idea mixed in with pages of what he had for dinner last night, and why he thinks the Star Wars Empire would beat Star Trek's Federation in a fight.
--
So while it isn't free - it is reasonable for the amount of work that is involved. Interestingly, years ago, IP.com did offer a free publishing service (in conjunction with the Foresight Institute) which allowed free publications for inventions in the software and nanotechnology areas (paid for by grants) but it was completely ignored and eventually dropped. The original story was covered on Salon and commented here on /.
A lot of people just dislike the patent process so much, but seem to want to complain about it rather than explore the actual alternatives.
I believe the problem isn't in GIMP itself, but in the way OSX implements X11.
The Blender Project Orange team ran up against it and wrote about it here.
That said, even though the problem isn't GIMP - it's more likely that any fix will have to come from them creating a wrapper (like seashore) rather than Apple changing X11 just for them.
I'll outline the shell of it here, but you'll have to do the legwork to complete it (or hire someone who can) as it is too detailed to put in a post here.
Since PHP is pretty ubiquitous on webhosts, I'll assume PHP for the scripting.
You could do this with or without a database. I'll outline a path for doing it WITHOUT a db.
1) Make sure all your files have some sort of ID number for the filename (makes life easier).
2) Store *all* your files in a non-web accessible directory
ex. if your webroot is /username/public_html/
store your pics in /username/photos/
this way, they can't be downloaded directly from the browser.
If you can't create a directory above your webroot, then make it inside your webroot, but protect it with .htaccess
3) When a customer makes a purchase, you'll have an admin page that lets you create a 'download ticket' - when you load this page, you supply an email address and an image ID number (see #1) and it generates a 'ticket' that they can use to download the picture. (see 3a-b for details)
3a) Since this isn't Fort Knox, security doesn't need to be super tight, just enough to prevent casual sharing.
I would suggest a ticket be in a format like this.
0000-12345abc-12345678
where '0000' represents the image ID number
12345abc is the 'expiration date' encoded into base 16 (to be shorter)
12345678 - is every 4th digit of the MD5 (to keep it shorter) of the image number / date / and some secret string (that only is known to your web server)
This link will be functional until xxx-xx-xxxx blah blah blah"
4) You have a page 'get.php' that looks at the $_REQUEST['t'] value and does a comparison.
4a) Split the ticket into its parts ('0000' , '12345abc', '12345678')
4b) Calculate the MD5 of part 1 + part 2 + 'secret string'
4c) Get every 4th char, does it equal part 3? If not, DO NOT DOWNLOAD THE FILE, if so, continue
4d) Check the date, has it expired? If so, DO NOT DOWNLOAD THE FILE, if not DOWNLOAD THE FILE (see fpassthru() in PHP)
--
Notes:
With a database, you can record number of attempts per ticket to make sure someone isn't trying to brute force access by doing an incremental attack on the checksum (part 3) as there are only 4,294,967,296 possible combinations (16^8).
You could also add some sort of logging so that you can see who has attempted to download the file, etc.
You'd also want to make sure you're properly sanitizing the input as (at some point) you'll be translating the input value to a file path, so you need to make sure there are no potential attack vectors for walking the file system (which shouldn't happen if you check your MD5 first, but it would still be possible, especially since you're only using 1/4 of the check digits).
You want to keep the URL as short as possible for downloading so that the ticket doesn't word-wrap in their email. If it breaks, it may not be clickable any more. You'll probably also want instructions so that they can enter the ticket manually on the page, if the link in their email breaks.
Arguably, if someone figured out your secret phrase (the one you use in MD5 generation) they could generate tickets to download any of your files, but the only way they should be able to do that is if they have access to your box - which if they have access to your box they already have access to your files.
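The ticket scheme outlined in the post above, as an added PHP example that is not the poster's code. Assumptions: `TICKET_SECRET` and the `.jpg` naming are hypothetical, the expiry is a Unix timestamp written in hex, "every 4th digit" is taken as MD5 characters 4, 8, ..., 32, and a `-` separator is added between the hashed parts so the ID and the date cannot run together.

```php
<?php
// Added example, not the poster's code. Placeholder values are marked below.

const TICKET_SECRET = 'replace-with-a-long-random-string'; // placeholder secret, known only to the server
const PHOTO_DIR     = '/username/photos';                  // non-web-accessible directory from the post

// Part 3 of the ticket: every 4th hex character of the MD5 of id, expiry and secret.
// hash_hmac('sha256', ...) cut to the same length is the sturdier choice for this role.
function ticket_check(string $id, string $expHex): string
{
    $md5 = md5($id . '-' . $expHex . '-' . TICKET_SECRET);
    $out = '';
    for ($i = 3; $i < 32; $i += 4) {
        $out .= $md5[$i];
    }
    return $out; // 8 hex characters
}

// Step 3: build "id-expiry-check" for an image ID and a lifetime in seconds.
function make_ticket(int $imageId, int $ttlSeconds, ?int $now = null): string
{
    $now = $now ?? time();
    $id  = sprintf('%04d', $imageId);
    $exp = dechex($now + $ttlSeconds);
    return $id . '-' . $exp . '-' . ticket_check($id, $exp);
}

// Step 4: return the file path to serve, or null if the ticket must be refused.
function verify_ticket(string $ticket, ?int $now = null): ?string
{
    $now = $now ?? time();

    // 4a) Accept only the exact ticket shape. Because the ID can only be digits,
    //     nothing like "../" can ever reach the file path built at the end.
    if (!preg_match('/\A(\d{4,10})-([0-9a-f]{1,8})-([0-9a-f]{8})\z/', $ticket, $m)) {
        return null;
    }
    [, $id, $exp, $check] = $m;

    // 4b/4c) Recompute the check and compare in constant time.
    if (!hash_equals(ticket_check($id, $exp), $check)) {
        return null;
    }

    // 4d) Refuse expired tickets.
    if (hexdec($exp) < $now) {
        return null;
    }

    return PHOTO_DIR . '/' . $id . '.jpg'; // file naming is an assumption
}

if (PHP_SAPI !== 'cli') {
    // get.php: look at the 't' value, verify it, then stream the file.
    $t    = $_REQUEST['t'] ?? '';
    $path = is_string($t) ? verify_ticket($t) : null;

    if ($path === null || !is_file($path)) {
        http_response_code(403);
        exit('Invalid or expired ticket.');
    }

    $fh = fopen($path, 'rb');
    if ($fh === false) {
        http_response_code(500);
        exit('File unavailable.');
    }

    header('Content-Type: image/jpeg');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    fpassthru($fh);
    fclose($fh);
} else {
    // Command-line demo with a constructed clock value and image ID.
    $now    = 1700000000;
    $ticket = make_ticket(42, 86400, $now);
    echo "ticket: $ticket\n";

    var_dump(verify_ticket($ticket, $now));                          // fresh ticket
    var_dump(verify_ticket($ticket, $now + 86401));                  // same ticket after expiry
    var_dump(verify_ticket('0043' . substr($ticket, 4), $now));      // image ID swapped, check no longer matches
    var_dump(verify_ticket('../../etc/passwd-0-00000000', $now));    // wrong shape, refused before any hashing
}
```

Run it from the command line to see the four cases; served through a web server, the same file acts as the `get.php` described in step 4.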
Are you looking for an off the shelf solution for this?
Because this kind of thing would be pretty easy with any scripting language (PHP, Perl, ColdFusion, .NET, what have you).
Just issue a 'ticket' (token in URL) to the client when they purchase. That token can be stored on the site to allow access for a certain amount of time. You could also throttle it so that too many attempts on the same ticket trigger a lockout until you've had a chance to review it.
Otherwise, send them the URL (with the token) and give them 24 (or whatever) hours to download the file. (If they try to download more than X times before the ticket expires - lock it out until you've made sure it isn't that they've given the ticket out to 10,000 of their friends).
Re:Recommend me a good, free, text editor! on Pepping Up Windows · Score: 1
I have a TextPad license (not free) that I use on my personal machine, but when I need a text editor on another machine that isn't mine, I've installed Notepad++ and felt it was pretty good.
If all you are doing is resizing a picture, then yes a gui is overkill.
You do realize that there are a whole bunch of us that actually PRODUCE work as opposed to just perform basic transformations on existing images.
The CLI isn't so great for "bring up the highlights in the face area, and remove this reflection, and soften the focus on these elements but not these, etc."
There's no way in the UI of doing it, but if you open 'about:config' you can set the preferences manually.
You may need to create these keys if they don't exist. Set the value to the starred value to get the result you're looking for.
browser.link.open_newwindow
1 - open in current window
2 - open in new window (default)
3 - open in new tab [*]
(HTML links that want to open a new window)

browser.link.open_newwindow.restriction
0 - divert everything (default)
1 - divert target='_blank' but not javascript: window.open()
2 - divert everything except window.open() with three parameters
(Optional further refinement on new window requests)
Meant to say: "would just put the US in line with the method used by the EPO"
If you can't find native drivers that support WPA for your card, you can try a software solution:
http://www.wirelesssecuritycorp.com/wsc/public/WP
The WPA client software is part of their Wireless Software Security suite, but you can opt out of the pay service during install and just use the WPA connection software. I use it on an old w98 laptop to connect to WPA-encrypted networks just fine.
I'm not sure if it is restricted only to the *.ani extension either. From some of the things I've read, it seems IE might be happy with alternate extensions (like ico or cur). I'm not sure if these are served using a specific MIME type - some things seem to just serve it as plain binary data (application/octet-stream) but I'm not sure if that's the 'correct' MIME mapping.
To address your other point, even if the object is called by obfuscated CSS inside of JS, it shouldn't be a problem. I'm not talking about removing the call to the cursor from the source document's HTML. I'm talking about blocking responses to HTTP requests that return that type. Even if the source was obfuscated, the actual HTTP request/response is scrubbable.
The problems I can see are if:
1) IE doesn't use extension or mime-type, but instead examines the binary data - as then there's no good way to block it.
2) You're loading one of these from an HTTPS site, since the proxy wouldn't know what you're requesting.
If you run a proxy, it seems you could block them at the proxy level.
This isn't likely to help home users, as it's likely the types of people who are capable of running their own proxy are also not the type to be using IE as their browser. But this might at least help in a corporate environment where all traffic is already going through a proxy.
It seems like it would make sense for the manufacturers to make sure the systems supported Linux, if for no other reason than troubleshooting.
If you want to track down a problem on an installed OS, there's always the possibility that the user has done something/installed something that is causing the problem. If they shipped the system with a pre-built live CD (that was known to work with the system components) - when a user called tech support, they could have the user reboot with the live CD. If the problem persists: hardware problem. If the problem goes away: software/user configuration problem.
It seems that would be a quicker way to get through the first cut. If its a software problem, you can then offer to elevate them to the "paid" support to help them through the problem. Otherwise, you can issue the RMA without having to spend the time required to walk the person through the steps of reinstalling drivers and what else.
The release name is just a name. It will have a version number when it ships (as Ubuntu's version numbers are the release date).
If you actually go to the Ubuntu site, you'll see they list the current version as "6.10" and not as "Edgy Eft".
The release name allows them to have a name by which to refer to the release that is independent of the release date. That way if the release date had to slip, it wouldn't mean that you are no longer working on version Y.MM but instead Y.MM+1
It's because these are exploits that can be done transparently using nothing more than a carefully crafted hyperlink.
Lets say a malicious blogger posts a story about candidate X. He links to a page on candidate X's site that has one of these vulnerabilities. But instead of just creating a normal link, he links in a way that passes some exploit code into the page that alters its behaviour or content. Maybe changing some page content, or injecting Javascript code that sends your cookies for that site to a handler on his blog so that he can collect login information.
To Joe web user, he doesn't know anything is going on. His browser is reporting he is on the authentic Candidate X website (even if it was SSL) but is completely unaware that the content has been altered by a 3rd party, or that his login information is going to get sent to site Y instead of the typical login form handler, etc.
It's not about smart users messing with the page for their OWN amusement, it's about being able to mess with someone else's page with nothing more than a hyperlink (in such a way that doesn't require "hacking" into an account on the local server. Now do you get it?
As of right now (at least with the free version) the integration of calendar and mail is lightweight. You can send invitations from your calendar, but if you receive ical (*.ics) attachments from others, they just appear as attachments and don't have any quick way of getting the info into your calendar. You have to save the attachment, then go into calendar and do an import, but I haven't had that always work - especially with something like a cancellation.
Likely, yes they would. Commercial time is valued based on the audience size (and demographic). The commercials were already sold based on the (projected) television viewership. Just because more people will now watch online doesn't mean they can go back to the advertisers and ask them for more money.
The problem is that a lot of people won't go to see something unless it's *new*.
There can be a lot of great stories out there, but unless it is sitting in the New Releases section of the video store, or is playing at the local multiplex, they're just never going to see it.
It's unfortunate, because there's a lot of great stories out there that people just turn themselves off from because they're old, or in black and white, or have outdated special effects. How many people have actually seen Citizen Kane? But if it were re-released with (insert popular actor here) tomorrow, you'd have people going to it who would never even think to watch it otherwise.
In addition to the new factor, when the studios re-release a movie - they get lots of money from people who go to it just to complain about how it isn't as good as the original. Buying those tickets really shows them, now, doesn't it?
Won't work. The same 'novices' who leave gaping SQL injection holes will now be writing pages that need to access the file system. Now instead of accessing the DB, script kiddies will be traversing the filesystem. Yes, this can be mitigated through file permissions, but there are a lot of servers out there (set up by these same novices) where processes run as root and would have full access to read and write files. So, a bad script could allow them to write to /etc/passwd and have all sorts of fun.
Visible light is just another part of the electromagnetic spectrum, but you can easily create a human doorway to another room that keeps light out, even when in use.
The two types I've seen in photo darkrooms are:
1) The light baffle. The entry doorway is just an 'S-shaped' hallway that requires you to turn a couple of times to pass through. There doesn't need to be any door to open/close, but as long as it isn't lined with a material reflective to what you are trying to keep out, you're ok. Look under your sink at the drain catch for the idea. The nice thing about this style door (for darkrooms, etc) is that you never need to worry about having to mess with any door mechanism in the dark. It's completely open to wander in and out (for people, air circulation, etc.)
2) The revolving door. There is never an open conduit from the outside to the inside at any time. The opening closes off from the external environment completely before reaching the point where it opens to the internal environment.
They already have surgically implantable RFID chips. Vets implant them all the time. The same could be used for humans, but the reasons for doing so aren't as benign as with pets.
... yeah, I know this is /.) how well the chips can be detected on/in metal equipment. The chips lose their ability to communicate in a short distance and metal seems to really cut down the ability to detect them at all.
My concern would be (not yet having read the FA
I kind of had my heart set on:
Core 2: Electric Boogaloo
I happen to know the IP.com gang (used to be one myself) and can tell you that there is more to making sure the stuff is available than just slapping it on a server somewhere. Documents published with them get digital notarizations (to allow you to prove times of availability) are made searchable, documents are collected in such a way to allow the collection of metadata (as many companies have rigid publishing formats for patents, but not disclosures) to help searchability. In addition the data is made available to patent offices, and they publish a printed journal containing the disclosure info (and optionally the full disclosure).
Do you have to go to these lengths to do something yourself? No. Does it increase the chances that your disclosure will be seen by a patent examiner. Yes.
Do people really think patent examiners have the time to go wading through every obscure website to find non-patent prior art? The fact that companies like IP.com and Research Disclosure (another defensive publishing company) have consolodated, high value collections makes them worthwhile to search. In addition, the inclusion of high-profile disclosures (like those from companies like IBM) makes these sources far more attractive to a patent examiner than Joe Nobody's blog that might have a good idea mixed in with pages of what he had for dinner last night, and why he thinks the Star Wars Empire would beat Star Trek's Federation in a fight.
--
So while it isn't free - it is reasonable for the amount of work that is involved. Interestingly, years ago, IP.com did offer a free publishing service (in conjunction with the Foresight Institute) which allowed free publications for inventions in the software and nanotechnology areas (paid for by grants) but it was completely ignored and eventually dropped. The original story was covered on Salon and commented here on
A lot of people just dislike the patent process so much, but seem to want to complain about it rather than explore the actual alternatives.
I believe the problem isn't in GIMP itself, but in the way OSX implements X11.
The Blender Project Orange team ran up against it and wrote about it here.
That said, even though the problem isn't GIMP - it's more likely that any fix will have to come from them creating a wrapper (like seashore) rather than Apple changing X11 just for them.
I'll outline the shell of it here, but you'll have to do the legwork to complete it (or hire someone who can) as it is too detailed to put in a post here.
Since PHP is pretty ubiquitous on webhosts, I'll assume PHP for the scripting.
You could do this with or without a database. I'll outline a path for doing it WITHOUT a db.
1) Make sure all your files have some sort of ID number for the filename (makes life easier).
2) Store *all* your files in a non-web accessible directory
ex. if your webroot is /username/public_html/
store your pics in /username/photos/
this way, they can't be downloaded directly from the browser.
If you can't create a directory above your webroot, then make it inside your webroot, but protect it with .htaccess
3) When a customer makes a purchase, you'll have an admin page that lets you create a 'download ticket' - when you load this page, you supply an email address and an image ID number (see #1) and it generates a 'ticket' that they can use to download the picture. (see 3a-b for details)
3a) Since this isn't Fort Knox, security doesn't need to be super tight, just enough to prevent casual sharing.
I would suggest a ticket be in a format like this.
0000-12345abc-12345678
where '0000' represents the image ID number
12345abc is the 'expiration date' encoded into base 16 (to be shorter)
12345678 - is every 4th digit of the MD5 (to keep it shorter) of the image number / date / and some secret string (that only is known to your web server)
3b) The admin page sends an email to the client using the email you provided.
"You can download your image at:
http://www.example.com/get.php?t=0000-12345abc-12345678
This link will be functional until xxx-xx-xxxx blah blah blah"
4) You have a page 'get.php' that looks at the $_REQUEST['t'] value and does a comparison.
4a) Split the ticket into its parts ('0000' , '12345abc', '12345678')
4b) Calculate the MD5 of part 1 + part 2 + 'secret string'
4c) Get every 4th char, does it equal part 3? If not, DO NOT DOWNLOAD THE FILE, if so, continue
4d) Check the date, has it expired? If so, DO NOT DOWNLOAD THE FILE, if not DOWNLOAD THE FILE (see fpassthru() in PHP)
--
Notes:
With a database, you can record number of attempts per ticket to make sure someone isn't trying to brute force access by doing an incremental attack on the checksum (part 3) as there are only 4,294,967,296 possible combinations (16^8).
You could also add some sort of logging so that you can see who has attempted to download the file, etc.
You'd also want to make sure you're properly sanitizing the input as (at some point) you'll be translating the input value to a file path, so you need to make sure there are no potential attack vectors for walking the file system (which shouldn't happen if you check your MD5 first, but it would still be possible, especially since you're only using 1/4 of the check digits).
You want to keep the URL as short as possible for downloading so that the ticket doesn't word-wrap in their email. If it breaks, it may not be clickable any more. You'll probably also want instructions so that they can enter the ticket manually on the page, if the link in their email breaks.
Arguably, if someone figured out your secret phrase (the one you use in MD5 generation) they could generate tickets to download any of your files, but the only way they should be able to do that is if they have access to your box - which if they have access to your box they already have access to your files.
--
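The ticket scheme outlined in the post above, as an added Python example (not the poster's code; the post assumes PHP but notes any scripting language works). It follows steps 3 and 4 as written and assumes fixed-width fields, a constructed secret, and files named `<ID>.jpg`; the strict format match and constant-time comparison are additions that address the sanitizing note.

```python
import hashlib
import hmac
import re
import time
from pathlib import Path

SECRET = b"constructed-demo-secret"      # assumption: the server-only secret string
PHOTO_DIR = Path("/username/photos")     # the non-web-accessible directory from step 2
# Fixed-width fields (assumption): 4-digit image ID, 8 hex digits of expiry, 8 of check.
TICKET_RE = re.compile(r"([0-9]{4})-([0-9a-f]{8})-([0-9a-f]{8})")


def check_digits(image_id, expiry_hex):
    """Steps 4b/4c: every 4th hex digit of MD5(image ID + expiry + secret)."""
    data = image_id.encode() + expiry_hex.encode() + SECRET
    return hashlib.md5(data).hexdigest()[3::4]       # 32 hex digits -> 8


def issue_ticket(image_id, ttl_seconds, now=None):
    """Step 3: build 'IIII-EEEEEEEE-CCCCCCCC' for one image and lifetime."""
    now = int(time.time()) if now is None else now
    id_part = f"{image_id:04d}"
    expiry_hex = f"{now + ttl_seconds:08x}"
    if not TICKET_RE.fullmatch(f"{id_part}-{expiry_hex}-00000000"):
        raise ValueError("image ID or expiry does not fit the ticket format")
    return f"{id_part}-{expiry_hex}-{check_digits(id_part, expiry_hex)}"


def verify_ticket(ticket, now=None):
    """Step 4: return the file path to serve, or None to refuse the download."""
    now = int(time.time()) if now is None else now
    # Strict whole-string match: nothing but digits and hex ever reaches the path.
    m = TICKET_RE.fullmatch(ticket.strip().lower())
    if m is None:
        return None
    id_part, expiry_hex, check = m.groups()
    # Constant-time comparison of the check digits before anything else is trusted.
    if not hmac.compare_digest(check, check_digits(id_part, expiry_hex)):
        return None
    if int(expiry_hex, 16) < now:                    # step 4d: expired
        return None
    return PHOTO_DIR / f"{id_part}.jpg"              # assumption: files named <ID>.jpg
```

Computing the check with `hmac.new(SECRET, (image_id + expiry_hex).encode(), hashlib.sha256)` instead of a bare MD5 over concatenated fields keeps the ticket format unchanged while using a keyed MAC.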
Are you looking for an off the shelf solution for this?
Because this kind of thing would be pretty easy with any scripting language (PHP, Perl, ColdFusion, .NET, what have you).
Just issue a 'ticket' (token in URL) to the client when they purchase. That token can be stored on the site to allow access for a certain amount of time. You could also throttle it so that too many attempts on the same ticket trigger a lockout until you've had a chance to review it.
Otherwise, send them the URL (with the token) and give them 24 (or whatever) hours to download the file. (If they try to download more than X times before the ticket expires - lock it out until you've made sure it isn't that they've given the ticket out to 10,000 of their friends).
I have a TextPad license (not free) that I use on my personal machine, but when I need a text editor on another machine that isn't mine, I've installed Notepad++ and felt it was pretty good.
If all you are doing is resizing a picture, then yes a gui is overkill.
You do realize that there are a whole bunch of us that actually PRODUCE work as opposed to just perform basic transformations on existing images.
The CLI isn't so great for "bring up the highlights in the face area, and remove this reflection, and soften the focus on these elements but not these, etc."
There's no way of doing it in the UI, but if you open 'about:config' you can set the preferences manually.
You may need to create these keys if they don't exist. Set the value to the starred value to get the result you're looking for.
browser.link.open_newwindow
1 - open in current window
2 - open in new window (default)
3 - open in new tab [*]
(HTML links that want to open a new window)
browser.link.open_newwindow.restriction
0 - divert everything (default)
1 - divert target='_blank' but not javascript: window.open()
2 - divert everything except window.open() with three parameters
(Optional further refinement on new window requests)