...with the kernel patches from http://www.grsecurity.net. Adds support for real ACLs, chroot enforcement and lots more hardening of the kernel in general.
I've been using it in a shared hosting environment so that I can allow my users to have sftp only access whilst being jailed into their home dir.
...you linked to this: http://http//www.catb.org/~esr/jargon/html/P/PEBKA C.html
which in my book ain't a valid url, and thus you have proved that in your case PEBKAC
Subversion not really a source-code repo... (on Subversion 1.0 Released · Score: 3, Interesting)
...it's meant as a general file versioning system. However, there are indeed various hooks so in theory you could set something like this up. Have a look at the subversion book (linked elsewhere in the comments).
If you need a nice subversion client on windows... (on Subversion 1.0 Released · Score: 4, Informative)
...you could do a lot worse than TortoiseSVN (also on tigris.org). It's an explorer shell plugin with icon overlays. Open up windows explorer, right click files to commit and whoosh...it's done.
Also has a visual diff and all sorts of other goodies in it too. There's also a (somewhat unrelated) project of the same ilk for CVS called, unsurprisingly, TortoiseCVS (different developers IIRC, same idea though, hence the similar name).
I've been using Subversion for the last 6 months and TortoiseSVN for the last 5, never had any data corruption or borked repositories, it Just Works(tm).
What I like is that the developers started eating their own dogfood fairly early on and have been self hosting for a fair while now, so that shows you how much faith they have in the system.
I agree with the r&os idea, however, if you are going to be producing bajilions of pdf's dynamically you're going to want a beefy server. If, on the other hand, you are simply delivering xxx copies of the same PDF you can use PHP's output buffering and cache the whole thing:
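ob_start();
// do pdf creation and output here
$pdfcontents = ob_get_contents();
ob_end_clean();
$fp = fopen("/path/to/pdf/file.pdf", "wb"); // "b" opens the file in binary mode
fwrite($fp, $pdfcontents); // fwrite() takes the file handle as its first argument
fclose($fp);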
You only need the b in the fopen if you are running php/apache on windows as a file needs to be explicitly binary on that platform.
...if it's a wednesday then IBM are evil, otherwise they are good?;o)
Or it could just be: support OSS=good, rip off consumer=bad.
Reminds me of a twilight zone episode... (on Space Burial · Score: 2, Interesting)
...it's Season 1, ep 20, Elegy.
Astronauts land on a planet with lots of scenes from various periods of history but everyone there seems to be frozen in time, it's actually a great big cemetery planet where the rich have their bodies sent to live out eternity.
...the show is moving from its present home to another theatre that just doesn't have a large enough orchestra pit for all the musicians required by Les Mis.
"A patch is usually made AFTER the exploit is found, not before."
Most of the stuff I've been patching recently has been found before an exploit becomes known. The recent OpenSSH patches, a result of careful code auditing, most of the recent PHP errors, same again.
Seems like a lot of worms get their "inspiration" from already posted security vulns and just rely on the fact that not everybody will patch them in time.
It is true that if the source is out in the open, there will be exploits in the wild before patches can be deployed. That's true of anything that has its source out in the open.
Problem is that source to the linux kernel and umpteen other open source projects have been out in the open for a considerable time and thus have had a fair amount of peer review going on (as well as people scouring it for their own nefarious purposes), however, the windows source code has been out what, 12 hours? Very little peer review will have happened (probably because people fear the repercussions of admitting looking at the code), whereas bad people(tm) will have no such qualms. It's the old adage "if you outlaw guns, only the outlaws will have guns".
As far as worms and whatnot go, the ones that need executing...should never happen on a server, and those that exploit things like rpc, why the hell do you not have port 135 firewalled off, both to the outside world and to (l)user roadwarriors bringing their laptops back after a week on the road.
...(I haven't read the article yet but bear with me), he's probably saying that their time is better spent getting the CLR to work first and then creating the compiler as microsofts compiles it into CLR bytecode already anyway.
This way, they get a kick ass CLR so you can deploy your apps to linux (just not compile there yet) and then they can do the whole compiler thing.
I don't know of a single sysadmin worth his salt that blindly installs microsoft patches as and when they come out. Too many times in the past Microsoft patches have royally borked systems so now before they are deployed into a mission critical environment they are tested, and then they are tested some more.
The real problem is that people who use computers are generally (these days) not au-fait with the fact that they actually have to download patches (or even just visit Windows Update).
The big worry now is that malicious persons will scour the code looking for new bugs, security researchers may not find them before the hackers and thus all sorts of shits and giggles ensues.
Here's the kick though - since Windows runs on various hardware configs (albeit variations on a basic theme), by Microsoft's own admission it takes them MONTHS to create and test patches before deploying them. Normally that's ok because a lot of these sploits can only realistically be gleaned from looking at the source, which only they were in possession of, so there were no exploits in the wild. Now, however, there may be exploits in the wild for six months before a patch comes out and you'll have microsoft saying silly things like "don't click on links, only type them into the address bar".
...does anyone else remember when Apple bought E-Magic, makers of Logic Audio (the only true competitor of Cubase no matter what Cakewalk fanboys scream and shout), that same day E-Magic announced they were promptly dropping the wintel version of Logic. That sucked bigtime, if you were a logic user on pc, luckily I use cubase and am still happily using my expensive custom made audio machine (with nice expensive soundcard), otherwise I would have had to junk it, salvage what I could and buy a mac.
...none of those if/else and for loops...no...real programmers use tail recursion!;o)
All joking aside, whilst I never really enjoyed programming in Prolog I could never look at a finished program and not admire its elegance. Prolog is a beautiful language, it's just a bitch to code in if you're not used to it.
...that was a commercial piece of software called After Dark that contained a buttload of really sucky screensavers, it was the Incredimail of its day, only without the spyware.
MSSql, Oracle and IBM's DB2 all come in a cut down version for around $5000 per processor. Ok, so you don't get some of the nice features like advanced clustering and replication, but if you absolutely have to have oracle (i.e., running something like SAP/3 for a small shop) then that's the way to go. The problem with Oracle and DB2 is that even once you've bought the products, you need to pay a DB guru to keep them ticking over, they can't just be setup and left, like PostgreSQL and MySQL. We use MySQL for a lot of simple websites. My company's flagship product however uses a database abstraction layer, so you can use it with any database that has the base requirements.
...it made me laugh at any rate! ;o)
:o)
Not wanting to be a word nazi, but actually: Ain't isn't a word, but it is a contraction that was first used in the 1700's. Quite an interesting read.
there's already an eclipse plugin available.
Elmer Fudd
Pig Latin
Klingon
And my personal fave, Bork Bork Bork! (swedish chef)
watching this....
...the advertising clause states that all adverts for the product must include the reference that certain portions were created elsewhere.
This just states that in the distribution SOMEWHERE you have to state that "this bit was made by xxx".
This really says a lot of how much A. Russell Jones is talking out of his arse.
:o)
Average Rating: 1.2/5 | Rate this item | 139 users have rated this item
Now, let us look at the rebuttal...
Average Rating: 4.8/5 | Rate this item | 29 users have rated this item
Hooah
...ever heard of a process called photosynthesis?
...sorry, but you are.
...you will fall afoul of their vague "AUP" ;o)
text of link