I'd pop over to WebHostingTalk and check out the reviews for any host you're considering.
In general, you can get a pretty good feel for a host by what's been said about them at WHT. Many hosting co's also actively post at WHT, so you can often see what their support staff is like as well.
I never claimed that binding *was* escaping, just that many DB abstraction APIs handled escaping automatically during variable binding (think ADODB). And yes, I am well aware that PHP's MySQL API is little more than a direct interface to the C API provided by libmysqlclient.
I also agree that magic_quotes_gpc is a nasty hack (I personally have it disabled). But it protects the vast majority of the unwashed masses from typical SQL injection vulns when enabled.
Personally, I don't see how folks fall victim to SQL injection attacks when PHP's defaults (and most decent database abstraction API's) make it so difficult to do so. As I said, if you get hit by something like this, you're almost certainly doing something stupid.
The only issue is that any competent programmer knows that you absolutely must escape all user input prior to using it in an SQL query.
Most common SQL libraries also provide support for variable binding, which handles escaping automatically. And since this post is about PHP... PHP has magic_quotes_gpc enabled by default, which automatically escapes user input to begin with. (Not that I necessarily think that's the best approach, but it certainly helps when dealing with newbie coders.)
Of course, I'm not arguing against stored procedures - that's obviously a good solution, too. But really, if your scripts fall victim to the type of SQL injection vulnerability you described, then (IMO) you pretty much deserve what you get.
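As an added example, not from this thread: the three approaches the posts above argue about (quote-escaping as magic_quotes_gpc/addslashes do it, versus variable binding) side by side. Python's sqlite3 stands in for PHP's MySQL calls, quote-doubling stands in for backslash escaping, and the table and inputs are constructed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample table standing in for the thread's MySQL users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "o'brien")])
    return db


def escape_quotes(value: str) -> str:
    # Quote-doubling escape: the SQL-standard counterpart of what magic_quotes_gpc /
    # addslashes() do for MySQL. It only has meaning inside a quoted string literal.
    return value.replace("'", "''")


def name_lookup_escaped(db: sqlite3.Connection, name: str) -> list:
    # Escaped value inside a quoted literal: the escaping does its job here.
    sql = f"SELECT id FROM users WHERE name = '{escape_quotes(name)}'"
    return [row[0] for row in db.execute(sql)]


def id_lookup_escaped(db: sqlite3.Connection, user_id: str) -> list:
    # Numeric column, no quotes around the value: escaping quotes changes nothing,
    # so whatever the input contains becomes part of the WHERE clause.
    sql = f"SELECT id FROM users WHERE id = {escape_quotes(user_id)}"
    return [row[0] for row in db.execute(sql)]


def id_lookup_bound(db: sqlite3.Connection, user_id: str) -> list:
    # Variable binding: the value is handed to the driver separately from the SQL
    # text, so it is compared as data regardless of what it contains.
    rows = db.execute("SELECT id FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(name_lookup_escaped(db, "o'brien"))  # [2]
    print(id_lookup_escaped(db, "1 OR 1=1"))   # [1, 2]: escaping did not help
    print(id_lookup_bound(db, "1 OR 1=1"))     # []: binding compares it as a string
    print(id_lookup_bound(db, "1"))            # [1]
```

The point is the second and third calls: escaping only protects values that end up inside quotes, while binding protects every parameter position.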
Realistically, you don't want to send money to a "merchant" that can't qualify for a Visa/MC merchant account.... Someone who doesn't have them is probably doing something wrong.
If by "doing something wrong", you mean "based outside of the US", then yes, you're probably right.
While it's trivial to obtain a merchant account in the U.S., it's damn near impossible for a small online (non-brick-and-mortar) business to get one if they're based in Canada or elsewhere.
Re:Cha ching, reloaded. (on Gates on Spam, Score: 5, Informative)
If you read the article, it's actually nothing to do with anything like Seti@Home, or any distributed computing application.
The computation is simply there to consume time, so that it takes longer to send a message. The mail server knows the answer in advance, and if the client provides the correct answer, the message is relayed... if not, it's denied.
That way, spammers HAVE to perform the expensive computation, which significantly slows their mass-mailing efforts. Typical users wouldn't even notice the delay (it could be done in the background or whatever, after the user clicks send).
The results of the computation itself are meaningless... so nobody benefits from them, including Microsoft.
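The "server knows the answer in advance" scheme the comment describes, as an added example that is not from the thread or from the article: the server reveals all but the low bits of a random answer plus its SHA-256, the client brute-forces the missing bits, and the server accepts or refuses the message with a single comparison. The puzzle layout and function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ANSWER_BYTES = 16  # 128-bit answer; the client only searches its low `hard_bits` bits


def make_puzzle(hard_bits: int = 20):
    # Server side: draw a random answer and keep it. The puzzle sent to the client
    # reveals everything except the low `hard_bits` bits, plus the hash of the whole.
    answer = int.from_bytes(os.urandom(ANSWER_BYTES), "big")
    digest = hashlib.sha256(answer.to_bytes(ANSWER_BYTES, "big")).hexdigest()
    puzzle = {"digest": digest, "known_prefix": answer >> hard_bits, "hard_bits": hard_bits}
    return answer, puzzle


def solve_puzzle(puzzle: dict) -> Optional[int]:
    # Client side: the only way to recover the missing bits is to try them one by one,
    # about 2**(hard_bits - 1) SHA-256 computations on average. This is the per-message
    # cost the sender pays; the result itself is useless to anyone.
    base = puzzle["known_prefix"] << puzzle["hard_bits"]
    for low in range(1 << puzzle["hard_bits"]):
        candidate = base | low
        digest = hashlib.sha256(candidate.to_bytes(ANSWER_BYTES, "big")).hexdigest()
        if digest == puzzle["digest"]:
            return candidate
    return None


def relay_decision(server_answer: int, submitted: Optional[int]) -> str:
    # Server side: no hashing at all, just a constant-time comparison against the
    # answer it already holds. Returns "relay" or "deny".
    if submitted is None:
        return "deny"
    ok = hmac.compare_digest(server_answer.to_bytes(ANSWER_BYTES, "big"),
                             submitted.to_bytes(ANSWER_BYTES, "big"))
    return "relay" if ok else "deny"


if __name__ == "__main__":
    answer, puzzle = make_puzzle(hard_bits=16)
    found = solve_puzzle(puzzle)
    print(relay_decision(answer, found))      # relay
    print(relay_decision(answer, found ^ 1))  # deny: wrong answer, message refused
```

The asymmetry is the whole point: the sender's work grows as 2**hard_bits while the receiving server does one comparison per message, so `hard_bits` is the knob that sets how expensive a message is to send.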
Not that I'm advocating the use of IE (bleh!), but the author of that page appears to be talking out of his ass right from the start.
The magical "hidden folder" that's "segregated from the main filesystem" and "doesn't seem to exist" (C:\DOCUME~1\YourName\Local Settings\History\History.IE5\) is really just a plain ol' system folder.
Go to a command prompt and run:
attrib -s C:\DOCUME~1\YourName\Local Settings\History\History.IE5\
Wow, now the folder appears just like any other folder.
As for the deeply mysterious "encrypted" file inside it, index.dat... it's just a plain ol' binary file. Open it up in any hex editor and you can read all of the URLs stashed inside just fine.
The file "cannot be deleted by any normal means" because it's in use by Explorer (which is always running - it's your shell). If you've ever done any work with programming shell extensions, you'll have run into the same problem.
Put the following into your autoexec.bat (or any similar startup file - anything that runs before Explorer starts) and you can delete it just fine:
del C:\DOCUME~1\YourName\Local Settings\History\History.IE5\index.dat
Granted, IE may not be worth its weight in spit, but this guy appears to be a little bit off his nut.
they're still in the same position to sell that same hardware (and perhaps services) regardless of whether some other organization is violating a GPL stipulation
If the GPL is questioned in a serious lawsuit, it'll be more than just "some other organization violating the GPL". You'd essentially be proving (or disproving) the legal validity of the GPL.
I suppose it depends on what happens to previously-GPL'd code if the GPL is ruled unenforceable. I really know nothing about it, but I've heard speculation that all GPL'd code could revert back to being "just plain copyrighted" by the author if the GPL was stricken down. I understand that to mean that unless the author chose to re-release it under a different, valid, free license, you'd have no legal right to continue using it at all.
Their interest in GPL is limited to the extent that it can help them sell hardware
IBM was just an example, but I'd imagine it'd be pretty hard to sell hardware if you're not legally entitled to use the code.
Just curious about this, but has anybody ever been sued for a GPL violation?
AFAIK, it's never gone to court.
If nobody ever gets in any trouble for using GPL code in a closed project, then isn't it reasonable to assume that it'll happen more often?
I'd have to assume it'd be a gamble for both sides... would you really want to be the first company to test out the GPL? And even if you won, is that really the kind of PR you want?
And who is supposed to hire the lawyers on behalf of a free project? And don't tell me FSF will just handle everybody's legal troubles pro-bono...
I believe they will, if you sign over the copyright:
"...only the copyright holders are empowered to act against violations. The FSF acts on all GPL violations reported on FSF copyrighted code, and we offer assistance to any other copyright holder who wishes to do the same."
And failing that, don't forget that a lot of companies have significant interest in GPL'd software (think IBM, Novell, etc). If the GPL really ever came into question, I imagine you'd see more than a few significant financial contributions from third parties.
Why is this modded up? You do realize that VMware images can be copied to another machine running another copy of VMware, and booted without further effort, right?
So all it would take is for someone to compromise the host machine. A thief wouldn't need to compromise the virtual machine or sniff packets; he could just download the VM's disk image from the host machine and boot it at his leisure on his own machine.
This is apparently totally unrelated to the worm - I didn't get many details, but apparently a fiber line got trashed somewhere and it's brought down a ton of BC's ATM's.
I think it really depends on what they're doing with the Windows VM's. If they're booting up their Linux boxes, firing up VMware and spending the duration of the day in Windows, then yeah, that's pointless.
But if they're only using Windows/MSOffice under VMware to aid in the transition to non-MS software, and using Linux everything else, this could be a huge opportunity to introduce Linux on a large scale without pissing people off with OpenOffice incompatibilities, etc...
IMO, this is a good thing.
I think the whole point of this project is not to help individual users, but to reduce the overall problem of spam.
If enough admins implement this system, it'll be a serious PITA for spammers, which will reduce the amount of spam they can send, which reduces the amount of junk you have to sift through.
So in the long run, yes, it should help.
I was actually staying with relatives in Salisbury, but I had the opportunity to visit a number of cities around the country... including London.
I never had any problems with the trains or buses; for the most part, they were always on time... the only major delay I had was when they found a drunk passed out on the train tracks one day... not sure why, but it took them about 25 mins to get him off the tracks, during which time the train was stopped dead.:)
As for price, I did have a BritRail pass (and I got my money's worth:) so I guess I managed to avoid the cost issue there.
I'm a few provinces over from the guy in the article (BC, Canada), but England's public transit system is far superior to anything we have in Canada, and anything I've seen in the states.
That's the first thing that struck me the first time I visited England - cellular technology (incl. WAP) is far, far more widespread and advanced (just about everyone--senior or 8-year-old, has a cell), and the public transit system (esp. the underground) is incredible... you can get just about anywhere via bus/tube... whereas out here, if you don't have a car, you're basically screwed.
Anyway, point being, it makes sense that your public transportation has a higher budget than out here (or in Winnipeg); yours definitely gets much more use.
It doesn't use Flash, it's just really crazy DHTML/Javascript... I thought it was Flash at first, too, but if you right-click you can see otherwise.
I'm not really sure what the point of the project is, though... they obviously spent a LOT of time making it look and feel just like the original games, but you can't actually do anything but walk around.
Cool concept, but... could've done a lot more with it.
Erm, yeah, but Lindows doesn't run Win32 apps either.
I think the poster was referring to the fact that Lindows aims to be very similar to XP in look/feel. XPde seems to do the same thing, while allowing the user to use whichever Linux distro he/she chooses (rather than having to use an oddball distro like Lindows).
First, ditch KDE and grab a lighter-weight window manager like BlackBox or TWM. Better yet, if possible, ditch X altogether and use the console.
My main network/internet server is a measly ol' IBM Pentium Pro 200MHz. I could upgrade it (I've got several much faster systems gathering dust) - but why?
It handles my light website traffic (a few thousand visits/day) with Apache/PHP/MySQL, and runs Squid, ProFTPd, Qmail, JabberD, and Samba for fileserving to the network... plus whatever I want to do at a console. And it barely breaks a sweat.
Re:Cropping needs improving (on Making A Videowall, Score: 4, Interesting)
I think in this case they would've been better off with a different brand/type of monitor altogether... those ones have far too much plastic trim around them.
Cropping that much out of the movie would really kill the image, and the only other alternative would be to remove all the monitors from their mouldings to get 'em closer together (not fun).
Sweet project, though.
I found just the opposite - I've been using RedHat (among others) for a few years. I just recently tried Debian, and it was soooo nice to just do a base install, and apt-get only the packages I wanted for a lean, mean server system (rather than a mess of stuff you don't want or need).
In fact, apt-get is a lot easier to use than anything I've seen on RedHat - no dependency issues, no version numbers, just apt-get install packagename and you're done.
And besides, once you're comfortable with any Linux, I don't think Debian's installer is really all that intimidating anyway... (unless you've never seen a console before...:)
Already been done without Java or Flash. (demo).
Disclaimer: I'm one of the developers for this product.
That archive only contains the source for busybox and uclinux... no mplayer source is included, which means it's still a GPL violation.
Not to mention the fact that you need to include a copy of the full text of the GPL with your binaries, which they also seem to fail to do.
Yup, and slow as hell.
Last time I installed it, a single page took anywhere from 30 seconds to 3 minutes to load (if it loaded at all).
Seriously, Freenet is an excellent idea, but until it reaches a decent speed (eg: anywhere close to regular HTTP) it's practically useless for casual surfing.
They've received the rights to air 72 episodes, so it'll be about 14.4 weeks, or 3.6 months, before they have to show repeats. :)
Even so, repeats can be a good thing if (like me) you don't have time to religiously watch TV 5 nights a week.
Yep.
"Should you make money in the virtual world, you can also withdraw it to your real world account and thus actually make money in a virtual world."
Pretty cool, actually.
You being slashdot user #4015 and most likely a real geeky guy, let me explain that making kids for free is not very difficult.
And the sad thing is, that post is modded 'Informative'...