Slashdot Mirror


User: ajs318

ajs318's activity in the archive.

Stories: 0
Comments: 4,821

Comments · 4,821

  1. Re:Why MySQL and not PostgreSQL? on Sun Announces Support for PostgreSQL · · Score: 2, Informative
    Actually there is completely no point whatsoever in setting up MySQL as multiuser in a simple web hosting environment. You may as well just tell everyone to use "root" and no password.

    Yes, you think that's insecure, but the truth of the matter is that giving individual users their own MySQL username and password does not make it any less insecure. I am of the opinion that it's better not to lull people into a false sense of security: if they can see how sharp the blade is, they will be more careful when using a powerful tool.

    Fact: it's trivial for any user with an account on a box to read any other user's files, even in their cgi-bin, since they must necessarily all be visible to the Apache daemon user {www-data on Debian systems}. And there's no way to obfuscate the database password: ultimately, the script has to send it to the server in the clear, so all you have to do is make a copy of the relevant file and replace a line that looks something like
    $dbh = DBI->connect("DBI:mysql:database=stuff;host=localhost", $db_user, $db_passwd);
    with
    print "'$db_user' '$db_passwd'\n";
    That's bad enough in itself; but if the hosting company has decided to use the same password for MySQL and Linux login {and therefore POP3, FTP and maybe even shell access if they're on Gold} -- and there is at least one hosting company out there that are doing this {I had a reseller account with them once; I shan't name them} -- then Sir Hacksalot has the power to compromise more than just your database. One doesn't need to be terrifically "l33t" to find out which hosting company a competitor is using {as hard as it may be for you geeks who all have your own servers in your back bedrooms [and no hosting customers, except your own sisters' girly photo blogs, average 3 unique visitors per month, all bots] to believe this, there are a lot of businesses who use hosting companies -- and more than a few who get their hosting done through cheapskate resellers}, get another account on the same box, and cause as much trouble as one can with a MySQL-based site.

    The only way around this is for every user to run their own instance of the Apache server as themself, on a different non-privileged port; and to have a transparent proxy on port 80 that redirects requests to the appropriate port based on the host name. This way, users' files don't need to be readable to anyone save that user. Although it still would not be wise to use the same password for the two services, because a database password can still be exposed by careless use of chmod. And I wouldn't like to think how that is going to affect performance.
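    As an added example (not part of the comment above), a small POSIX shell audit from the defender's side of this scenario: it walks a shared web root and reports files that both contain database connection credentials and are readable by anyone other than their owner, which is the condition that lets another account's script copy them. The credential patterns and the constructed alice/bob directory layout are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not code from the original comment: audit a shared web root
# for files that embed database credentials yet are readable beyond their owner.
# The credential regex and the demo directory layout are assumptions.

# Print "mode path" for every regular file under $1 that (a) looks like it
# holds DB credentials and (b) has the group or other read bit set.
audit_exposed_credentials() {
    root=$1
    find "$root" -type f \( -perm -g+r -o -perm -o+r \) 2>/dev/null |
    while IFS= read -r f; do
        # Heuristic: DBI/PDO connect calls or variables named like a DB password.
        if grep -Eqs 'DBI->connect|new PDO\(|db_passw|DB_PASSWORD' "$f"; then
            printf '%s %s\n' "$(ls -ld "$f" | cut -c1-10)" "$f"
        fi
    done
}

# Build a constructed demo tree in a temp dir, run the audit, clean up.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/alice/cgi-bin" "$tmp/bob/cgi-bin"
    # alice: world-readable script carrying the password (the comment's scenario)
    cat > "$tmp/alice/cgi-bin/db.pl" <<'EOF'
$dbh = DBI->connect("DBI:mysql:database=stuff;host=localhost", $db_user, $db_passwd);
EOF
    chmod 0644 "$tmp/alice/cgi-bin/db.pl"
    # bob: same content, but owner-only permissions, so not reported
    cp "$tmp/alice/cgi-bin/db.pl" "$tmp/bob/cgi-bin/db.pl"
    chmod 0600 "$tmp/bob/cgi-bin/db.pl"
    # a world-readable file with no credentials is not reported either
    echo 'print "hello\n";' > "$tmp/alice/cgi-bin/index.pl"
    chmod 0644 "$tmp/alice/cgi-bin/index.pl"
    audit_exposed_credentials "$tmp"
    rm -rf "$tmp"
}

demo
```

    Only alice's 0644 script is listed; a per-user Apache with owner-only files, as the comment proposes, would make this report come back empty.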
  2. Re:Ubuntu hype on Ubuntu On The Business Desktop · · Score: 1
    No, PHPMyAdmin is not a complete replacement for Access. But it is good for mucking around with tables in some really powerful ways -- and for learning SQL.

    Once you have finalised your database schema, then you can throw together your own PHP application to generate reports and otherwise *do stuff* with the data. You can even re-use bits of your PHP code in the next one you write {or not, if you decide it was bollocks}.

    The idea is that you use the scripting language {in this case PHP but any of the others will do} as a generality-of-purpose abstraction layer. Once you have written {or ripped off} functions to generate things like drop boxes, text areas, radio button sets, date selectors and the like, it's not that hard at all.

    And when I wrote my form element functions, I did something particularly fancy. Calling the function generates the necessary HTML directly with echo statements, but the function returns a chunk of JavaScript which validates the selection. If it's not a required field then I call it in void context. Otherwise I save it in a scalar variable, and end up with something like this:
    $js = "";
    ...
    $js .= dropbox("colour", array("white","blue","yellow"), true, 1);
    $js .= phoneno("tel", $tel);
    phoneno("mobile"); // optional - doesn't need validating
    ...
    echo "<script>\nfunction validate_form() {\n$js\n}\n</script>\n";
    There probably is a better way of doing it, but this works for me.
  3. Re:Misleading title on Ubuntu On The Business Desktop · · Score: 1

    Once you have enough Linux machines, you can ditch Microsoft Exchange and install sendmail {if you're brave} or exim {if you're not quite so brave, and not from Oxford}. You'll also need a POP3 server; qpopper will do. Get Webmin at first, but poke around by hand in the configuration files till you get confident that you can manage without it.

  4. My workplace on Ubuntu On The Business Desktop · · Score: 1

    Where I work, most desktops are Mandrake 9 or 10, though we've had positive results from trials of Kubuntu so that's going to be the "new" standard. We have a few Windows machines for the beancounters -- they need to run some legacy app for compatibility with Group Head Office. Everything else is Linux. Hylafax for sending faxes, through a dual Xeon running Asterisk and fitted with a four-way ISDN30 card. Almost all our software is written in-house by a crack commando squadron of hackers, accessed through a web browser from anywhere we say, and precisely tailored for the work we do. Most of it is interpreted, so any question of making sure to distribute source code is moot.

    With Linux on the desktop, we simply don't have to worry about licence issues. We could add another two dozen machines if we want and not have to pay anybody for the privilege. Users don't have the root password for their machines, so they can't install software {except in $HOME}; but since it's going to be Linux software, it's most probably Open Source anyway.

  5. Re:Ubuntu hype on Ubuntu On The Business Desktop · · Score: 2, Informative

    Um. Have you tried phpmyadmin?

    I use it all the time. Of course, you need Apache, MySQL and PHP; but they are all in the package repositories. And once you have them all working, and you are satisfied that your database schema is correct, you can just write your own front-end in PHP, that accesses through a web browser {if it's a corporate environment, you have the advantage of knowing which one} and has your company logo in it and everything.

  6. Re:Big Effing Deal on Gaming Fanatics Show Hallmarks of Drug Addiction · · Score: 1

    Yeah. I joined Workaholics Anonymous once. Waste of money. I missed every one of the meetings ..... always staying late at the office .....

  7. Re:Better Way on Consumer Friendly Downloads? · · Score: 1
    Uhm, you forgot the step where you pay $262.99 to Microsoft for the compiler?
    Ah, that'd be the bit I was missing. Makes sense now. So you have to pay extra for the compiler?! That would be why there's so much pre-compiled stuff ..... in fact, you could give away the source gratis, and charge money for the pre-compiled binary; it would still appear cheaper to pay for it pre-compiled than to pay for the compiler and compile it yourself.

    And they used to say that we Brits were weird 'cos {until recently} whenever you bought a new electrical appliance, it came with bare wires and you had to fit your own mains plug!

    With that mentality going around, I really hope they don't find a way of metering air soon .....
    Your average (or at least the lowest 20 percentile) Windows user, unfortunately, lacks the know-how to read warning dialogs, never mind the patience to wait for a large program to compile. And expecting them to learn is similar to expecting that pilots should have to know how to fix every piece of equipment on any airplane they fly.
    I'd say it was more like having pilots be expected to know how to read every important instrument on any plane they fly, and what kind of readings were normal and abnormal {you can always put out a distress call if you see something bad}. As for the patience argument ..... if you are using dial-up, downloading usually takes longer than compiling.

    In most countries, it's the law that prepackaged foods have to have an ingredients list, but what if they didn't, and what if it was legal to put any old stuff in it -- even slightly poisonous materials just to bulk it out, or strongly addictive drugs to keep you going back for more? Would you buy a heat-and-serve ready meal, not knowing what was in it? Would you even accept it if it was free? And would you really mind waiting in a restaurant while a fresh meal was being prepared just for you without loads of chemical additives, if you didn't have to pay for it?
  8. Re:Better Way on Consumer Friendly Downloads? · · Score: 1
    OK then, what's so hard about compiling a package from source under Windows?

    Under GNU/Linux, what you do is open a terminal and enter
    $ ./configure
    $ make
    $ su
    type root password
    # make install
    {And that's the hard way. In Gentoo, if you want to download, compile and install a package called "thingy" then you just use # emerge thingy.}

    I vaguely remember the Windows C compiler supporting "project files", as a way of organising non-trivial projects with more than just one file of source code. So I would have thought that Windows would just automatically associate project files with its compiler, and all you would need to do is unzip the archive, double-click on the project file and have the sources compiled and linked. Is it not like that, then?
  9. Re:Better Way on Consumer Friendly Downloads? · · Score: 1

    Taking your points in reverse. The answer to point two is simple. You just have to compile the source code locally. If you're in some rural backwater with only a 56K modem to connect you to the Internet, then downloading will take a lot longer than compiling. If you're on ADSL, then compiling might take an hour or so, but at least it's a fair bet that you've got a good enough electricity supply to run a kettle at the same time as your computer :)

    On Gentoo, everything you install is compiled from source, and on Debian you have the option to compile everything from source. Assuming it's in the repositories, of course, but then that assumption is quite reasonable for Debian or Gentoo. I manage fine in an Xterm, but I'm sure it wouldn't be too hard to wrap a GUI around the process. And even the pre-compiled packages found within the various Linux repositories were all compiled from source by developers who often were not affiliated with the original authors, so they can be considered at least somewhat independent.

    I'm not too sure about Windows; but I would imagine that, since it's so easy to just stick a pre-compiled executable anywhere, it would not be much harder to automate the process of compiling the source for a program and all its dependencies. All the user would notice would be a delay between downloading the program and it being ready to run.

    The answer to point one is just as simple. Your grandmother and most other people who don't know what a compiler is, can always learn what one is. Ignorance is nothing to be proud of and you do nobody a favour by suggesting against bothering to learn things. A little knowledge might just make the difference between enjoying using your computer and wading through a mire of malware.

    And no, I don't use OpenOffice. I'm still struggling to get it to compile properly on my "pure" AMD64 architecture {i.e. no legacy 32-bit libraries}.

  10. Re:Geothermal Is Expensive on Australia Pushes Geothermal Energy · · Score: 1

    Nah ..... you'll be toast before that happens. Well, eight and a half minutes after it starts, anyway.

  11. Better Way on Consumer Friendly Downloads? · · Score: 2, Interesting

    The best way to be certain that a program is free from spyware is to examine the source code, comment out any bits you don't like, and compile it on your machine.

    The second-best way to be certain that a program is free from spyware is to have someone you trust examine the source code, comment out any bits they don't like, compile it on their machine, sign it with their OpenPGP decrypting key and make their signed, pre-compiled binary available for download.

    That's how we have always done things in the Unix world, how we still do things in the Linux world -- and it's beginning to take hold of the Apple Mac world, too.

    Now, if only the Windows world would wake up and smell the coffee! "What good is source code to me?" they bleat, "I'm not a programmer!" Yeah, you may not be a programmer, you may not want to be a programmer, but the source code is still your best guarantee that a program is what it says it is. And if the person who wrote that program won't show you the source code, even despite the facts that (1) they aren't charging you any money for the executable so it's not like you could be ripping them off by compiling more than one copy and (2) you aren't a programmer and wouldn't understand it anyway, then you have to ask yourself what don't they want me to see?

    Insist to see the source. It's the best guarantee yet that the software you are running is pure.

  12. Re:Geothermal Is Expensive on Australia Pushes Geothermal Energy · · Score: 1

    Not only that, but geothermal energy is nothing like renewable energy: in fact, it's just as much stored energy as fossil fuel. When the Earth's core gets cooled sufficiently, the liquid magma will begin to solidify. And it's not water, so it will shrink when it solidifies. What we will end up with, will be a planet which consists of a huge solid lump of heavy volcanic rock rattling around inside a fragile hollow shell.

    I don't find that any less scary than any of the climate change scenarios that have been suggested.

  13. Re:3GB == Tiny? on Taking Linux On The Road With Ubuntu · · Score: 1
  14. Re:Uuuuuh on Sony Rootkit Allegedly Contains LGPL Software · · Score: 2, Insightful

    Double-edged swords cut both ways. If the anti-virus people had access to the source code, then they would be able to block its propagation quite easily.

  15. Re:3GB == Tiny? on Taking Linux On The Road With Ubuntu · · Score: 1

    Well, it is -- if you define an inch to be 35mm.

    Seriously, though, the only officially recognised unit of distance is the metre, which is defined as the distance travelled by light through a perfect vacuum in 1/299 792 458 seconds. {Adding a multiplier prefix does not change the base unit; in "forty centimetres" you can think of the "centi" bit as belonging to the 40, and 40 centi-anythings are 0.4 of a whole one of the same thing.}

  16. Re:copyright law on RetroCoder Threatens Security Vendors · · Score: 1
    Technically, they have every right to prevent others from examining their software.
    No they don't. That would abridge Freedom Number One. See here. I will live to see this made law, or die trying.
  17. Re:Summary is a wee bit off.... on RetroCoder Threatens Security Vendors · · Score: 3, Informative
    In order to install the software you have to make a copy of it (either copy from the cd to hard drive, or copy from internet page to hard drive) but before you can copy you need a copyright license. What gives you that license if not the EULA?
    Copyright law gives you that licence. Making a copy in the memory of your computer is a necessary step in making use of software, therefore it's protected fair use.
  18. Re:What we need.. on RetroCoder Threatens Security Vendors · · Score: 1

    There is already such a law. Research and study are protected fair use.

  19. Re:The environment also loses. on The Math Behind the Hybrid Hype · · Score: 1

    The old-style, lead-acid batteries are great because they don't pollute much, if at all. Dilute sulphuric acid isn't that serious a pollutant, and can be neutralised with any alkali. Lead can be melted down and re-used again and again. Likewise, the plastic housings usually can be melted down. Lead-acid batteries are also field-maintainable.

    The problem is, they're heavy; which means that it takes energy to get them to move. But if you could somehow use that mass as a flywheel to store KE directly, then it wouldn't be so much of a problem.

  20. Re:general on Taking Linux On The Road With Ubuntu · · Score: 1

    Yes, you can charge money for GPL software; but at the same time, you can't stop someone across the road from giving it away for free. Over time, the price will tend to approach what the market can bear.

  21. Re:Mediocre Experience on Taking Linux On The Road With Ubuntu · · Score: 1

    You would do better sending a letter to your elected representative, demanding full disclosure as a precondition for approval for sale. At the moment, manufacturers are allowed to get away with deceptive practices such as selling "5 megapixel" cameras with a 2MPx sensor array, and hiding behind "software copyright".

  22. Re:3GB == Tiny? on Taking Linux On The Road With Ubuntu · · Score: 1

    Depends how big you define an inch to be, I suppose. It isn't a proper measuring unit, it's a slang term; and it can mean as much or as little as you want it to mean. Which is why TV sets have to have the size quoted in real measuring units {mm. or cm., rarely m.} somewhere in the advertising literature.

  23. Slashdotters are immune on A Flu Pandemic? · · Score: 1

    No Slashdot user is likely to catch bird flu.

    When was the last time any of this lot shagged any birds?

  24. Re:uh oh.... on Apple Files Patent for "Tamper-Resistant Code" · · Score: 0, Troll

    Go and learn your definitions, please.

    Hacking == creative. Cracking == destructive.

    Getting OSX to run on something other than Apple hardware isn't cracking {destructive} -- it's hacking {creative}. Writing software which denies us the Four Freedoms is just playing dog-in-the-manger. If anybody is behaving like a cracker, it's Apple.

  25. Re:Maybe... on Amazon Gets Patent on Consumer Reviews · · Score: 2, Insightful

    If they do not want someone else to patent it and sue them, all they need is an example of prior art, or to show that the concept would be obvious to an expert in the field.

    Not only is there substantial prior art, but the concept is so bloody obvious, even to me, that this patent should never have been granted. This is just more evidence that the US patent system is irretrievably broken. Write to your elected representatives and let them know this is unacceptable!

    What we really need is a system which actively encourages people who could have patents struck down to come forward. And there is only one language Americans understand: dollars! So how about if, when you are seeking a patent, you have to stump up a fixed non-refundable deposit; and the first person who comes forward within, say, six months or a year with proof of prior art that would invalidate the patent, gets half that money, as a sort of bounty?