I think that the disproportionate amount of hits coming from/. is skewing the results. Either that or goatse.cx is a very popular text editor in Germany.
True. The way to deal with this is to not set ExecCGI on the user directories and then use something like cgiwrap, which the original poster's admins won't install.
Have Apache run in a group - for instance www-data - that the users are not members of. When the users' home directories are created, make the group ownership of public_html www-data and the permissions 2750 (o=rwx g=rxs). That 's' in the group permissions is the setgid (set group-id) bit. It means that all files created under public_html will be owned by group www-data. Then you just make sure your files are readable by group and you're set.
ARP doesn't use UDP. ARP operates between layer 2 (data link layer, such as ethernet) and layer 3 (network layer, in this case IP.) UDP is a layer 4 (transport) protocol.
I've set this up at my workplace. It's pretty straightforward, you just have a shell script or two on the web servers that update the website. Really all it does is cvs update -r PRODUCTION (or STAGING.) Right now we have these scripts being run manually, but I suppose they could be invoked automatically using something in one of those files in CVSROOT. Let me know if you need any help or want more details on how I did it.
If you're using Debian, apt-get install dhcp-dns. Otherwise, check the above URL.
Re:Digital signatures are not really signatures.
on
GPG vs. PGP?
·
· Score: 5
The points you raise are identity verification issues. You know that a document was signed by 0x600A0342, but how do you know that 0x600A0342 is really Matthew Sachs? Today, this is addressed by Public Key Infrastructure (PKI.) The two main types of PKI being used are "central clearinghouse" and "web of trust."
"Central clearinghouse" PKI is what SSL uses. SSL certificates are signed by Certificate Authorities (CAs), such as VeriSign. CAs are trusted entities who verify an applicant's identity before issuing them a certificate. A certificate is the same as a public key except that it has more information about the owner - usually the x.509 Distinguished Name which consists of a "common name" (CN), "organizational unit" (OU), "organization" (O), "locality" (L), "state" (S), "country" (C), and sometimes email. For instance, Microsoft's DN is CN=www.microsoft.com/OU=mscom/O=Microsoft/L=Redmon d/S=Washington/C=US. How do you know which CAs to trust? Web browsers typically have a built-in list. Anyone can act as a CA, but when someone views a website which is using one of that CA's certificates, the user's web browser should (and most do) display a warning. Go to Fortify's SSL test page and my HTTPS website. Fortify's certificate was issued by Thawte (who I believe is now owned by VeriSign), a widely-known CA whose certificate is in most/all browsers. My certificate is signed by the "Zevils CA", which doesn't really exist. Your browser should display a warning when accessing the zevils site but not when accessing the Fortify site.
The other popular method of PKI is known as the "web of trust." This is what PGP and GPG use. If you know someone in real life, you have proof of their identity (such as a driver's license), and you both have GPG/PGP keys, you should sign each other's public keys and upload the signed keys to the keyserver. Here's how the web of trust works (with help from the GNU Privacy Guard Handbook):
Alice knows Bob in real life. They both use GPG. Alice knows with absolute certainty that a certain key is Bob's key, and that Bob is who he says he is, so she signs Bob's key with her key. Alice and Bob discuss PKI every day at lunch and Alice knows that Bob has excellent judgement on when to sign a key, so she tells GPG that she trusts Bob's signature on a key as much as her own (she can also give Bob marginal trust or no trust - see GPG documentation for details.) Bob has signed Charlie's key. Thus, Alice trusts Charlie's key. The web of trust, at least in the GPG implementation, is quite flexible and does extend to a depth of more than one. See the GPG handbook for more information.
Of course, PKI is not a magical security fairy that sprinkles security dust on your keys while you're asleep at night. Bruce Schneier and Carl Ellison have written an excellent paper, Ten Risks of PKI(Computer Security Journal, v 16, n 1, 2000, pp. 1-7)
I've created an AOL Instant Messenger (TOC) to IRC gateway. It pretends to be an IRC server, links up with your IRC server, and creates the nick AIMServ that you can then send, say PRIVMSG signon screenname password to. It makes IRC nicks for your buddies (AIM-SomeBuddy) so you can PRIVMSG them and it makes channels (#aimchat-1234) for AIM chatrooms. Here's the homepage.
Welcome to NukePhone(R)! For conviction assurance purpose, your call may be monitored and/or recorded. If you know the name of the nuclear secret you wish to steal, press 1. To find nuclear secrets by materials requried, press 2. To find nuclear secrets by maximum potential kills per payload, press 3. To speak with an operator, or if you are using a rotary phone, please stay on the line.
My company uses OpenLink multi-tier ODBC drivers and PHP to talk to Microsoft SQL Server from Apache/Linux. It seems to work well, although we haven't had a chance to use it on any production websites yet, and my experiences with OpenLink's support department have been good.
Set up Apache+mod_ssl to listen on the gopher port (70). Then https://server:70/proxy/http://www.foo.com and you're golden. There's a decent chance that gopher isn't blocked by the firewall, it's probably not monitored, and you've got SSL anyway.
The lack of the things you mentioned are not MySQL flaws, by MySQL designed decisions. MySQL is optimized for speed, speed, and speed. It does need to sacrafice some functionality to do this. If you need this functionality, don't use MySQL. PostgreSQL makes different tradeoffs; it is not as fast as MySQL but, as you mention, it is more full-featured.
If your data and table structures are simple enough, a simple dump would work. A database dump, which any decent database tool can do, takes the data and converts it into SQL syntax. It will give you your CREATE statements to make the tables and INSERTs to insert the data into the tables.
Correct me if I'm wrong, but isn't MDAC an API for accessing data sources, such as a Microsoft SQL Server, Microsoft Access Server, or ODBC data source (which could be a MySQL or PostgreSQL DBMS)? I didn't think that MDAC was a database server.
Slashdot Mirror
I think that the disproportionate amount of hits coming from /. is skewing the results. Either that or goatse.cx is a very popular text editor in Germany.
There is a hack for the Palm that moves the scrollbars to the left. Get it here.
True. The way to deal with this is to not set ExecCGI on the user directories and then use something like cgiwrap, which the original poster's admins won't install.
Have Apache run in a group - for instance www-data - that the users are not members of. When the users' home directories are created, make the group ownership of public_html www-data and the permissions 2750 (o=rwx g=rxs). That 's' in the group permissions is the setgid (set group-id) bit. It means that all files created under public_html will be owned by group www-data. Then you just make sure your files are readable by group and you're set.
...that the US DoJ's hotshot young lawyer is going to use the Little Doctor on them?
ARP doesn't use UDP. ARP operates between layer 2 (data link layer, such as ethernet) and layer 3 (network layer, in this case IP.) UDP is a layer 4 (transport) protocol.
I've set this up at my workplace. It's pretty straightforward, you just have a shell script or two on the web servers that update the website. Really all it does is cvs update -r PRODUCTION (or STAGING.) Right now we have these scripts being run manually, but I suppose they could be invoked automatically using something in one of those files in CVSROOT. Let me know if you need any help or want more details on how I did it.
If you're using Debian, apt-get install dhcp-dns. Otherwise, check the above URL.
"Central clearinghouse" PKI is what SSL uses. SSL certificates are signed by Certificate Authorities (CAs), such as VeriSign. CAs are trusted entities who verify an applicant's identity before issuing them a certificate. A certificate is the same as a public key except that it has more information about the owner - usually the x.509 Distinguished Name which consists of a "common name" (CN), "organizational unit" (OU), "organization" (O), "locality" (L), "state" (S), "country" (C), and sometimes email. For instance, Microsoft's DN is CN=www.microsoft.com/OU=mscom/O=Microsoft/L=Redmon d/S=Washington/C=US. How do you know which CAs to trust? Web browsers typically have a built-in list. Anyone can act as a CA, but when someone views a website which is using one of that CA's certificates, the user's web browser should (and most do) display a warning. Go to Fortify's SSL test page and my HTTPS website. Fortify's certificate was issued by Thawte (who I believe is now owned by VeriSign), a widely-known CA whose certificate is in most/all browsers. My certificate is signed by the "Zevils CA", which doesn't really exist. Your browser should display a warning when accessing the zevils site but not when accessing the Fortify site.
The other popular method of PKI is known as the "web of trust." This is what PGP and GPG use. If you know someone in real life, you have proof of their identity (such as a driver's license), and you both have GPG/PGP keys, you should sign each other's public keys and upload the signed keys to the keyserver. Here's how the web of trust works (with help from the GNU Privacy Guard Handbook):
Alice knows Bob in real life. They both use GPG. Alice knows with absolute certainty that a certain key is Bob's key, and that Bob is who he says he is, so she signs Bob's key with her key. Alice and Bob discuss PKI every day at lunch and Alice knows that Bob has excellent judgement on when to sign a key, so she tells GPG that she trusts Bob's signature on a key as much as her own (she can also give Bob marginal trust or no trust - see GPG documentation for details.) Bob has signed Charlie's key. Thus, Alice trusts Charlie's key. The web of trust, at least in the GPG implementation, is quite flexible and does extend to a depth of more than one. See the GPG handbook for more information.
Of course, PKI is not a magical security fairy that sprinkles security dust on your keys while you're asleep at night. Bruce Schneier and Carl Ellison have written an excellent paper, Ten Risks of PKI (Computer Security Journal, v 16, n 1, 2000, pp. 1-7)
Well, I've created something similar. AIMIRC, a way to use AOL Instant Messenger via IRC.
The PDF specification is available from Adobe in PDF or ASCII format.
I've created an AOL Instant Messenger (TOC) to IRC gateway. It pretends to be an IRC server, links up with your IRC server, and creates the nick AIMServ that you can then send, say PRIVMSG signon screenname password to. It makes IRC nicks for your buddies (AIM-SomeBuddy) so you can PRIVMSG them and it makes channels (#aimchat-1234) for AIM chatrooms. Here's the homepage.
Welcome to NukePhone(R)! For conviction assurance purpose, your call may be monitored and/or recorded. If you know the name of the nuclear secret you wish to steal, press 1. To find nuclear secrets by materials requried, press 2. To find nuclear secrets by maximum potential kills per payload, press 3. To speak with an operator, or if you are using a rotary phone, please stay on the line.
This is zevils. Unauthorized access prohibited. Violators will be LARTed. All access is monitored.
My company uses OpenLink multi-tier ODBC drivers and PHP to talk to Microsoft SQL Server from Apache/Linux. It seems to work well, although we haven't had a chance to use it on any production websites yet, and my experiences with OpenLink's support department have been good.
Sir, you have given me quite a fright. I originally parsed "ISS" as "IIS". *shudder*...
Oooh, those Trolls. Never mind...
Let me guess - you work for Mindcraft? ;)
I wrote it for 0.3, plan to update for 0.9. Check the code link.
Set up Apache+mod_ssl to listen on the gopher port (70). Then https://server:70/proxy/http://www.foo.com and you're golden. There's a decent chance that gopher isn't blocked by the firewall, it's probably not monitored, and you've got SSL anyway.
The lack of the things you mentioned are not MySQL flaws, by MySQL designed decisions. MySQL is optimized for speed, speed, and speed. It does need to sacrafice some functionality to do this. If you need this functionality, don't use MySQL. PostgreSQL makes different tradeoffs; it is not as fast as MySQL but, as you mention, it is more full-featured.
If your data and table structures are simple enough, a simple dump would work. A database dump, which any decent database tool can do, takes the data and converts it into SQL syntax. It will give you your CREATE statements to make the tables and INSERTs to insert the data into the tables.
Correct me if I'm wrong, but isn't MDAC an API for accessing data sources, such as a Microsoft SQL Server, Microsoft Access Server, or ODBC data source (which could be a MySQL or PostgreSQL DBMS)? I didn't think that MDAC was a database server.
"X equals negative B
Plus or minus the square root
Of B-squared minus four AC
All over two A"
He knows. code.shtml says "It is very likely that Slashdot will use this soon." Of course that was $BIGNUM months ago...