Personally, I found that dynamically generating my CSS from PHP is the solution. It's easy to understand, easy to write, cross platform, and (using the etag trick), has good performance and bandwidth use.
So I have a bunch of rules like this: echo "body{ height:100%; background: $colour_body_bg; font-family: $fontface_body; color: $colour_body_text}\n"; Even better, I can support slightly different versions of the stylesheet by linking to "style.php?style=theme_name".
Then, to handle performance and bandwidth, I use etags. The browser will always cache this document at least 10 minutes. After that, it will check for a newer version, but the server will usually reply with 304 (unchanged). $last_modified_time = filemtime(__FILE__); $etag = md5_file(__FILE__); header("Last-Modified: ".gmdate("D, d M Y H:i:s", $last_modified_time)." GMT"); header("Etag: $etag"); if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time ||
trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
header("HTTP/1.1 304 Not Modified");
exit; } header("Cache-Control: max-age=600"); header("Content-type: text/css");
That would be ideal, but it requires elevated privileges (no idea why that should be). So I'd have to put it in a firefox extension.
I'm trying to protect normal users who may not be aware that their employer is MITMing them by providing them with a web browser which has been misconfigured into trusting the cert of an SSL proxy appliance.
I'd like (ideally) to write a php script that would detect when my users are on "compromised" machines, and warn them. What I want is to write some javascript that would send back to the server what the client *thinks* is my certificate fingerprint.
Why? If the connection is being MITMd, then both sides need to be able to figure this out. There was a long discussion on this (regrettably rejected by the browser vendor) to allow the SSL fingerprint to be obtained in JS. That would make it reasonably easy for the site operator to verify that the SSL cert hadn't been tampered with. (Of course, a really evil proxy can scan for the JS, but that game of whack-a-mole is usually easier for the good guys to win, at least sometimes).
As a website operator, I want to know if my content is being MITMd en route to the user. I know about the SSL fingerprint trick that lets a really technical user discover proxying, but I want to automate this process server-side, and stick up a big banner to say "Your employer is snooping on this connection, please log in from a trusted machine" (and then I'll prevent the user from logging in).
I've never understood why we can't get the window-manager and the application to play nice, and share one bar. Usually, there's plenty of space horizontally, and too little vertically. So, why not have the combination of: [icon] File Edit View History Bookmarks Tools Help....... "The window title goes here"....... _ [] X
Of course . but the consumer could then have their favourite OS and phone. For example, I might like a Nokia running Android, while somone else might prefer an S5 with Windows. (What I really want is an iPad with Lubuntu).
True, but how many consumers would like a phone that can run their choice of OS? I certainly would. If necessary, I'd even pay for MS as long as I don't have to use it. (as with almost all laptops)
I've found twice now that, on reporting stolen devices (to the UK police), even if we know exactly where they are (trackers, phone home etc), there's no way to get the police to react (promptly) to go and get it back. If the police would quickly go and retrieve stolen devices, the problem would vanish.
Specifically, can we assume that any extension loaded into Firefox via the official extensions repository, is open-source, and that someone from Mozilla is checking the extension before an update is released?
I looked at this, and there are 2 things I can't understand:
1. How does key distribution work? Even public-key crypto of this type doesn't necessarily work if there is a man in the middle. 2. How is metadata protected? For an SMS, often the timestamp and sender/recipient pairing is as revealing as the message content.
For Linux users, is there any way to replace the iTunes functionality to get music and photos onto an iDevice, and have it properly recognise the library? I only use Linux, but have an iPad3. I have mediocre photo functionality[1] via a jailbreak, but am still stuck with only one folder and no sub-folders. As for getting music on there (especially.ogg), forget it. [1] http://www.richardneill.org/stotbig#ipad
I agree. Clementine just works, and stays out of your way otherwise. It responds quickly to external changes to the library (using inotify). For me, my music collection is a set of well-ordered files/directories, each with a.m3u playlist and appropriate tags. (The Unix "everything is a file" approach works well here). Then the music player is just for playback, for playing them, and not for editing tags (use easytag), ripping CDs (a shell-script), nor for buying music (CD store).
If we're talking about the great firewall of china, you're right. BUT most corporate proxies run fairly standard software, and only update it every few months (if that). So, there's a pretty good chance of my getting the JS through the first time, and of the vendor taking a long time to work around it (if they ever do). Yes it's cat and mouse, but there are a lot of mice with different strategies, the cat isn't very quick, and as long as the mouse gets through once, it's enough to let the user know he's being snooped on.
I operate a webserver, and I'd like to protect my users against SSL proxying. At the moment, all I can do is tell them to check my key's fingerprint against what the browser shows. But I'd really like to do this in JS. Is there any way to use JS to get the fingerprint string (that I can see by clicking on the padlock icon)? Then I could send that back to the server (from JS), and check if it's been tampered.
(A really effective evil proxy would be able to defeat this, but most corporate proxys aren't going to be able to parse my own JS and work out precisely how to transparently defeat it).
I am the author of a small university dating website, and I recently had this explained to me. Looking at something like the "Genderbread person" it seems that sexual-identity isn't the simple set of options that I originally designed i.e. "{Male,Female} seeks {Male, Female, Either}". In fact, it's a 16-dimensional space, with floating point coordinates (4 axes, each with a mean and std-dev, and the same 4+4 for what you seek).
BUT... what is a computer programmer to do? I don't have the slightest idea even what pronouns to use, let alone how to sensibly represent this 16-D space, or make it searchable. Any ideas? There's an excellent site about "Falsehoods programmers believe about names"... could someone write something similar for gender?
In the end, my response to the requestor was that, regrettably, we had started out with a design saying that sex was boolean (M/F), and would they please pick the nearest match for themself, then elaborate in the comments. I made a design error when I started out, but haven't the time to fix it now (I estimate a man-week to fix and test all the instances where the codebase assumes that !M F), and for a 600-member site without membership fees, this isn't practical. But I'd love to see some documentation of the correct way to handle the problem, so that maybe in future I can fix the design.
There seem to be quite a lot of references, usually well researched and with eyewitness testimony about poor care. Cases where her victims suffered and died because they went to her care centers, rather than to the existing hospitals. Not to mention the awful waste of giving money to support missionaries rather than medical care. Another example: http://futiledemocracy.wordpress.com/2011/03/28/the-curse-of-mother-theresa/
As for defending the right to oppose contraception... yes, I agree with you in a Western context, where it's just a debate, and people can rationally choose. But in many less secular societies, this is the equivalent of "fire in a crowded theatre" - her advocacy actually denied people access to birth control, keeping the uneducated poor poor - at this point, it goes from an issue of free speech to one of moral culpability (in the same way that the previous South African president has the blood of millions on his hands for his continued assertions that AIDS was caused by poverty, not by HIV).
Also, we do actually need the occasional contrarian. Our democracy is weak enough without further deference to the strong, wealthy and powerful! Also, to be a "troll", it's usually implicit that the argument itself is weak. I've not yet seen Hitchens lose a debate.
Hmm... it's not the relations with dictators that I find so repulsive, nor even her absolute opposition to abortion. Those might be what you call "slip-ups". But she did, in fact, preside over awful standards of care, people were denied access to medical treatment, and suffering was not alleviated, because it was considered "spiritually noble". MT also campaigned agains family planning and contraception. So while, by religious lights, she might have been "moral", the effect was deeply cruel and wicked, keeping people in poverty and away from real medical care.
Also, if you want to take issue with Hitchens,I don't really think you should imply that Henry Kissinger was among the better specimens of humanity! Nor, for that matter, was the previous Pope (whose time in the Hitler Youth one may overlook, as the actions of a child under compulsion, but who fully deserves to go to Hell for knowing inaction on child-abuse, and opposition to condoms despite HIV).
That said, I do entirely agree with you that nobody is perfect and anyone can be made to look bad. Your "exhilaration" quote is one example... I checked the context of this, and while I don't find it in good taste, it's not an uncommon description of how some people feel at the start of a war, even those on the good side. (You might consider imagining yourself as Churchill, at the moment when Hitler invaded Poland - a rather strange mix of gloom at the inevitable impending tragedy, combined with some excitement that, finally, because the evil thing has become so bad, that the world can delay acting no longer and that it will stand up and fight.)
Slashdot Mirror
(And of course, it's eaten my HTML examples!)
Let's try again, with: '<div c' becoming '<div class="></div>
I wonder whether anyone has an editor with really good auto-completion suggestions.
For example, in HTML, I might type:
Alternatively, in PHP, I might type: forea
and the editor should offer me: foreach ($key => $val){
It should also be able to show the documentation for the functions within a tooltip, do inline syntax lint checking, and support refactoring.
So far, I would also mention "Brackets" and Github's "Atom" editors as worth looking at.
Personally, I found that dynamically generating my CSS from PHP is the solution. It's easy to understand, easy to write, cross platform, and (using the etag trick), has good performance and bandwidth use.
So I have a bunch of rules like this:
echo "body{ height:100%; background: $colour_body_bg; font-family: $fontface_body; color: $colour_body_text}\n";
Even better, I can support slightly different versions of the stylesheet by linking to "style.php?style=theme_name".
Then, to handle performance and bandwidth, I use etags. The browser will always cache this document at least 10 minutes. After that, it will check for a newer version, but the server will usually reply with 304 (unchanged).
$last_modified_time = filemtime(__FILE__);
$etag = md5_file(__FILE__);
header("Last-Modified: ".gmdate("D, d M Y H:i:s", $last_modified_time)." GMT");
header("Etag: $etag");
if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time ||
trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
header("HTTP/1.1 304 Not Modified");
exit;
}
header("Cache-Control: max-age=600");
header("Content-type: text/css");
That would be ideal, but it requires elevated privileges (no idea why that should be). So I'd have to put it in a firefox extension.
I'm trying to protect normal users who may not be aware that their employer is MITMing them by providing them with a web browser which has been misconfigured into trusting the cert of an SSL proxy appliance.
How does DNSSEC help?
I'd like (ideally) to write a php script that would detect when my users are on "compromised" machines, and warn them.
What I want is to write some javascript that would send back to the server what the client *thinks* is my certificate fingerprint.
As the operator of the webserver, I certainly don't consent, even if the employee had no choice..
Is there any way to detect this server-side?
Why? If the connection is being MITMd, then both sides need to be able to figure this out.
There was a long discussion on this (regrettably rejected by the browser vendor) to allow the SSL fingerprint to be obtained in JS. That would make it reasonably easy for the site operator to verify that the SSL cert hadn't been tampered with. (Of course, a really evil proxy can scan for the JS, but that game of whack-a-mole is usually easier for the good guys to win, at least sometimes).
As a website operator, I want to know if my content is being MITMd en route to the user. I know about the SSL fingerprint trick that lets a really technical user discover proxying, but I want to automate this process server-side, and stick up a big banner to say "Your employer is snooping on this connection, please log in from a trusted machine" (and then I'll prevent the user from logging in).
I've never understood why we can't get the window-manager and the application to play nice, and share one bar. Usually, there's plenty of space horizontally, and too little vertically. So, why not have the combination of: ....... "The window title goes here" ....... _ [] X
[icon] File Edit View History Bookmarks Tools Help
Of course . but the consumer could then have their favourite OS and phone. For example, I might like a Nokia running Android, while somone else might prefer an S5 with Windows. (What I really want is an iPad with Lubuntu).
But a dual-boot phone, especially if it shipped with both would be widely liked, I think.
True, but how many consumers would like a phone that can run their choice of OS? I certainly would.
If necessary, I'd even pay for MS as long as I don't have to use it. (as with almost all laptops)
If I can get a high-end Lumia and have Android, that would be amazing.
I've found twice now that, on reporting stolen devices (to the UK police), even if we know exactly where they are (trackers, phone home etc), there's no way to get the police to react (promptly) to go and get it back. If the police would quickly go and retrieve stolen devices, the problem would vanish.
Specifically, can we assume that any extension loaded into Firefox via the official extensions repository, is open-source, and that someone from Mozilla is checking the extension before an update is released?
I looked at this, and there are 2 things I can't understand:
1. How does key distribution work? Even public-key crypto of this type doesn't necessarily work if there is a man in the middle.
2. How is metadata protected? For an SMS, often the timestamp and sender/recipient pairing is as revealing as the message content.
For Linux users, is there any way to replace the iTunes functionality to get music and photos onto an iDevice, and have it properly recognise the library? .ogg), forget it.
I only use Linux, but have an iPad3. I have mediocre photo functionality[1] via a jailbreak, but am still stuck with only one folder and no sub-folders. As for getting music on there (especially
[1] http://www.richardneill.org/stotbig#ipad
I agree. Clementine just works, and stays out of your way otherwise. It responds quickly to external changes to the library (using inotify). .m3u playlist and appropriate tags. (The Unix "everything is a file" approach works well here). Then the music player is just for playback, for playing them, and not for editing tags (use easytag), ripping CDs (a shell-script), nor for buying music (CD store).
For me, my music collection is a set of well-ordered files/directories, each with a
If we're talking about the great firewall of china, you're right. BUT most corporate proxies run fairly standard software, and only update it every few months (if that). So, there's a pretty good chance of my getting the JS through the first time, and of the vendor taking a long time to work around it (if they ever do). Yes it's cat and mouse, but there are a lot of mice with different strategies, the cat isn't very quick, and as long as the mouse gets through once, it's enough to let the user know he's being snooped on.
Hashing it won't help - I want to inform the user that their data is being intercepted, not that it's being corrupted.
I operate a webserver, and I'd like to protect my users against SSL proxying. At the moment, all I can do is tell them to check my key's fingerprint against what the browser shows. But I'd really like to do this in JS. Is there any way to use JS to get the fingerprint string (that I can see by clicking on the padlock icon)? Then I could send that back to the server (from JS), and check if it's been tampered.
(A really effective evil proxy would be able to defeat this, but most corporate proxys aren't going to be able to parse my own JS and work out precisely how to transparently defeat it).
I think I'd go for the exact opposite argument: that public-interest should be a valid defense to breaking the official secrets act.
I am the author of a small university dating website, and I recently had this explained to me. Looking at something like the "Genderbread person" it seems that sexual-identity isn't the simple set of options that I originally designed i.e. "{Male ,Female} seeks {Male, Female, Either}". In fact, it's a 16-dimensional space, with floating point coordinates
(4 axes, each with a mean and std-dev, and the same 4+4 for what you seek).
BUT... what is a computer programmer to do? I don't have the slightest idea even what pronouns to use, let alone how to sensibly represent this 16-D space, or make it searchable. Any ideas? There's an excellent site about "Falsehoods programmers believe about names"... could someone write something similar for gender?
In the end, my response to the requestor was that, regrettably, we had started out with a design saying that sex was boolean (M/F), and would they please pick the nearest match for themself, then elaborate in the comments. I made a design error when I started out, but haven't the time to fix it now (I estimate a man-week to fix and test all the instances where the codebase assumes that !M F), and for a 600-member site without membership fees, this isn't practical. But I'd love to see some documentation of the correct way to handle the problem, so that maybe in future I can fix the design.
There seem to be quite a lot of references, usually well researched and with eyewitness testimony about poor care. Cases where her victims suffered and died because they went to her care centers, rather than to the existing hospitals. Not to mention the awful waste of giving money to support missionaries rather than medical care. Another example: http://futiledemocracy.wordpress.com/2011/03/28/the-curse-of-mother-theresa/
As for defending the right to oppose contraception... yes, I agree with you in a Western context, where it's just a debate, and people can rationally choose. But in many less secular societies, this is the equivalent of "fire in a crowded theatre" - her advocacy actually denied people access to birth control, keeping the uneducated poor poor - at this point, it goes from an issue of free speech to one of moral culpability (in the same way that the previous South African president has the blood of millions on his hands for his continued assertions that AIDS was caused by poverty, not by HIV).
Also, we do actually need the occasional contrarian. Our democracy is weak enough without further deference to the strong, wealthy and powerful! Also, to be a "troll", it's usually implicit that the argument itself is weak. I've not yet seen Hitchens lose a debate.
Hmm... it's not the relations with dictators that I find so repulsive, nor even her absolute opposition to abortion. Those might be what you call "slip-ups".
But she did, in fact, preside over awful standards of care, people were denied access to medical treatment, and suffering was not alleviated, because it was considered "spiritually noble". MT also campaigned agains family planning and contraception. So while, by religious lights, she might have been "moral", the effect was deeply cruel and wicked, keeping people in poverty and away from real medical care.
Also, if you want to take issue with Hitchens,I don't really think you should imply that Henry Kissinger was among the better specimens of humanity! Nor, for that matter, was the previous Pope (whose time in the Hitler Youth one may overlook, as the actions of a child under compulsion, but who fully deserves to go to Hell for knowing inaction on child-abuse, and opposition to condoms despite HIV).
That said, I do entirely agree with you that nobody is perfect and anyone can be made to look bad. Your "exhilaration" quote is one example... I checked the context of this, and while I don't find it in good taste, it's not an uncommon description of how some people feel at the start of a war, even those on the good side.
(You might consider imagining yourself as Churchill, at the moment when Hitler invaded Poland - a rather strange mix of gloom at the inevitable impending tragedy, combined with some excitement that, finally, because the evil thing has become so bad, that the world can delay acting no longer and that it will stand up and fight.)