I'm setting up an mp3 store for my band at the moment. Free (as in beer) shopping cart software, knows how to handle digital products, checkout works via paypal (or a whole ton of other options). You don't exactly need to be a "programmer" to get it to work, but it is possibly helpful. If you've installed software like phpBB or a photo gallery on your site before, you'll be fine. Or you should be able to easily find a local friendly php/mysql hacker to sort it out for 50 bucks or a case of beer or something, if you don't feel brave.
Here are some step-by-step instructions someone pasted to me, not sure where they're originally from, but they make it pretty damn easy to follow.
Before these instructions begin, it assumes you've downloaded and installed the latest version of Cubecart (3.0.13) - which is one of the most painless installs of web software I've come across, so I shan't add any instructions, I didn't even really need to RTFM.
1) If you already have a PayPal account you must make sure that it is a Business Account. If it is not then it is best to upgrade as it is free.
2) Business Address: In your PayPal profile make sure you have entered a Business Address, without it you will only be able to accept your country's default currency.
3) In your PayPal profile enter the new email address we created earlier and set this as your Primary Email address.
4) In your PayPal profile, under Selling Preferences > Website Payment Preferences, set the following;
AUTO RETURN: OFF (if you're using cubecart 3.13)
RETURN URL: http://www.yourweburl.com/storedirectory/confirmed.php
PAYMENT TRANSFER: ON
PAYPAL ACCOUNT OPTIONAL: ON (this is so that your customers do not need to sign up for a PayPal account to make their payment)
CONTACT TELEPHONE NUMBER: (choose your preference)
5) In your PayPal profile, under Selling Preferences > Instant Payment Notification Preferences, set the following;
1) Under Modules > Gateways, choose PayPal Standard & IPN, then click on "Configure".
2) Set "Status" to "Enabled".
3) In "Description" enter a description for the gateway such as "Credit/Debit Cards (PayPal)"
4) In "Email Address" enter the email address we set earlier as the Primary Email address.
5) In "Method" change to "IPN (recommended)".
6) You will now see the "IPN Url" which should be the same as you entered in your PayPal profile earlier. If it is different then copy it and go back to your PayPal profile and update so they are the same.
7) In "Default" set to "YES"
8) In "Test Mode" set to "NO" (It is always best to test your store in live mode so that you can experience what your customers will experience, also you will be able to see if there are any errors).
9) Click the button which says "Edit Config".
done. Paypal will let the store know when the payment has been received and automatically send the digital download link to the customer.
I'm not quite sure if it works yet so I won't paste the link. The link in my sig is not what I'm talking about here, that was for selling CDs and doesn't use cubecart. And don't click on buy, because we've sold out of CDs... hence the mp3 shop in progress ;-)
Too bad you apparently never discovered Suckerfish - let's do pretend to have :hover (and other) pseudoclasses on any element in IE6 thanks to a bit of javascript. I know part of the joy of pure CSS :hover is no javascript is needed, but this is very clean...
your on Slashdot - news for...ah you know. Now go read Snowcrash. Now sit and ponder that for a second. SL is the closest thing i have heard of to the metaverse
Yeah, I know I'm on slashdot and therefore a geek and therefore in no position to be bashing a virtual world as lame. Which is why I was careful to say that wasn't my intention. I have read Snowcrash and I know exactly what you mean. "In concept it sounds cool" - that's my opinion too, and yet I've never actually gone and tried it. And given the tiny number of replies these topics always get, I wondered if nearly everyone on /. was like me in that regard... sounds neat, but not actually a part of it...
Just curious, because we seem to get an awful lot of Second Life stories on slashdot these days, but AFAICS the comments section doesn't support the idea that a large number of people on slashdot actually, y'know... care.
Not trying to have a troll, saying it sucks, or trying to issue some lame diktat that there "shouldn't" be Second Life stories here. I just genuinely wonder if the frequency of SL stories actually tallies with the level of interest/participation in SL amongst /. membership.
This site is for an international development charity. Nothing Firefox-y or Linux-y about it whatsoever. Nor would I even expect a broader demographic lean towards firefox (eg. gamers, students, heavy internet users of any kind). Most of our marketing is to professionals (teachers, doctors, engineers, etc) somewhere in the 30-60 age band, and we get about 55,000-60,000 unique visitors per month.
Here are our browser stats for the past 28 days:
1. Internet Explorer 84.3%
2. Mozilla Firefox 10.9%
3. Safari 3.1%
4. Netscape 0.7%
5. Opera 0.6%
6. Mozilla 0.3%
7. Konqueror 0.1%
Even simpler than that actually - you just middle-click a tab to close it.
Close widget on every tab is an absolutely terrible idea, I'd be sure to accidentally close tabs when trying to change tabs. Looks like getting rid of it will be the first thing I do - each and every x.y.z update that self-installs :(
(I asked this last time SQL injection came up, but I was too late, I got no reply, so I'll ask again...)
I don't understand how this magically fixes things.
In your example (yes, I realise it is just that, a quick example) you have 10 which is a constant. Now clearly if you were just doing queries with constants then there is no danger in doing a straight SELECT * FROM table WHERE something=10!
So your example obviously needs to replace "10" with "$numeric_var", ie $sth->execute(q{''Some\ things"'}, $numeric_var); (Sorry if $ doesn't indicate a variable in perl, I don't speak linenoise ;-) but I'm sure you see my point).
Now, since in your prepare() statement you nowhere stated that the second ? is expected to be a numeric value and any commas, quotes or other funny stuff should be removed, how does this remotely help? Surely you can still feed $numeric_var with "10; <naughty stuff>" - from your prepare statement I can't see how it knows how to sanitise the variable part?
Please be clear I am not casting doubt on your knowledge here - on the contrary, you seem to know the score*, and I haven't yet worked with this sort of prepared queries, and I'm genuinely interested.
* That said, Nos is right to point out slamming PHP as a poor tool is pretty stupid when you can easily use similar DB abstraction layers and the same techniques, if you choose to. Choosing not to is surely programmer error not a problem with the tool. And I can't see how you can claim PHP shouldn't let people have the choice, considering the whole thing about perl fans is venerating TIMTOWTDI.
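An added example, not part of the original comment thread, showing what happens to the value the question above asks about. It uses Python's sqlite3 module instead of Perl DBI (both take `?` placeholders); the table, sample rows and function names are assumptions made for the illustration.

```python
import sqlite3

# The awkward string from the comment's execute() call, as a Python literal.
ODD_LABEL = "''Some\\ things\"'"


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, label TEXT, something INTEGER)"
    )
    db.executemany(
        "INSERT INTO items (label, something) VALUES (?, ?)",
        [("alpha", 10), ("beta", 20), ("gamma", 30)],
    )
    return db


def lookup_concatenated(db, numeric_var):
    """Vulnerable form: the input is pasted into the SQL text, so the
    database parses whatever it contains as part of the statement."""
    sql = "SELECT label FROM items WHERE something=" + str(numeric_var) + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, numeric_var):
    """Placeholder form: the statement is compiled with a hole in it and the
    value is handed over afterwards as data. Nothing is stripped or escaped;
    the value simply never reaches the SQL parser."""
    sql = "SELECT label FROM items WHERE something=? ORDER BY id"
    return [row[0] for row in db.execute(sql, (numeric_var,))]


def lookup_bound_checked(db, numeric_var):
    """Binding prevents injection but does not make the input a number.
    Type validation is a separate, application-level check."""
    try:
        value = int(numeric_var)
    except (TypeError, ValueError):
        raise ValueError("something must be an integer")
    return lookup_bound(db, value)


def store_and_fetch_label(db, label):
    """Quotes and backslashes in a bound value are stored byte for byte."""
    cur = db.execute(
        "INSERT INTO items (label, something) VALUES (?, ?)", (label, 99)
    )
    row = db.execute("SELECT label FROM items WHERE id=?", (cur.lastrowid,)).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    hostile = "10 OR 1=1"  # constructed input standing in for "10; <naughty stuff>"
    print("concatenated:", lookup_concatenated(db, hostile))
    print("bound:       ", lookup_bound(db, hostile))
    print("bound '10':  ", lookup_bound(db, "10"))
    print("round trip:  ", store_and_fetch_label(db, ODD_LABEL) == ODD_LABEL)
```

The concatenated query returns every row because the input changed the WHERE clause; the bound query compares the column against the whole string as one value and matches nothing.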
Admittedly, I didn't RTFA, but.... I'm confused, where does alistapart come into this?
I don't see Spiegelmock or Wbeelsoi listed here or even anywhere here.
(OT ramble: Mind you, I wouldn't be entirely surprised if this "clown" was involved in ALA, considering how much it has gone downhill lately. A few years ago it was essential reading (sliding doors and suckerfish dropdowns and whatnot) but all the articles lately have been a real waste of time imho. Waffley PHB crap like this, or techniques like this which I appreciate as clever on an academic level but would never release such a monstrosity on a real website. Thinkvitamin has had a few somewhat more useful articles lately but is also slightly plagued by OMG GOOGLE MAPS MASHUP WEB2.0 FLICKR wank. Ho hum.
No. Making POD == "Personal on demand" was a lame backronym invented by Creative, trying to crowbar themselves into the picture when it's quite obvious the "pod" in "podcast" refers to an iPod.*
The "inventer" of the word (apparently a Ben Hammersley, not Adam Curry, but... meh) actually responded to Creative on this point in one of the funniest putting-corporation-in-its-place responses I have seen:
Creative are talking rot. The pod in 'podcast' was obviously and blatantly meant to refer to the iPod. The accusation that I'd use such a clumsy acronym invites another one: stfu, kthxbye.
(* I am listening to my beloved Zen as I type this, and I don't like or own any Apple goods, so I'm not being a fanboy, I just genuinely think that was a lame thing for Creative to try...)
you're right and wrong.
first, naming elton john and madonna as some sort of proof musicians are so rich piracy doesnt matter and musicians dont deserve to get paid is ridiculous. bill gates is very, very rich from the software industry; that doesn't mean we can rip off any software and all you programmers on slashdot don't want a wage, right? it's easy to pick the exceptions that prove the rule rather than noticing the vast majority of people in that sector are in nowhere near the same position
second, I think you missed the point of GP post. It wasn't that artists get nothing from the labels generally, it was that they will get nothing [i]from the money received in these lawsuits[/i]. Which i would imagine is absolutely true. Major label contracts are basically like this:
- we own your creations wholesale.
- we will pay you
- $x for every y sold
- $a for every b sold
- $n for every p radio play
- q% for every s sub-licensing (movies, commercials, etc)
- etc....
anything not explicitly spelt out as a royalty in this fashion, will not get paid. I highly doubt any major label contracts have a clause saying "x% of every lawsuit settlement with p2p companies" since when lots of them were signed lawsuit settlements with p2p companies didnt exist. Plus most artists arent bright enough to ask for it.... and even if they *were*, the labels would probably just play hardball and tell them no way...
Music is an odd thing, in that one cannot 'sell' a piece of music in the same way one would sell a car. The customer either likes the piece of music he hears, or he does not. No amount of salesmanship will get him to change his mind, as it boils down to personal preference
You've not actually tried marketing music, have you? Suffice to say: I wish you were right.
By the sound of this post it would be a step backwards anyway. It looks like you can't even consistently launch apps by double-clicking files, or copy and paste files around your filesystem from within open/save dialogs!? I'm sure this must be incorrect, because if it was true, it would make all these recommendations of Ubuntu as a polished system ready to replace Windows seem a bit laughable. Strangely, though, the post has had +insightful moderation rather than the -1 I would expect for the factually incorrect, I don't know what's going on there.
some which everyone will use (spell check)
Um, actually, no...
My spelling is nearly perfect (not trying to boast, it just is -- although I know that having said that there'll be a typo somewhere in this post which you'll all take great glee in highlighting) and in those places where it isn't - well, guess what, I DO NOT CARE. This is the interwebs, not a PhD Thesis. I couldn't give a monkeys if I make typos on forum postings. Then there's all the time I use slang / abbreviations / deliberate mispellings, etc which aren't in the dictionary - as if I want to be clicking "add word" every five seconds...
No, basically, the gist is that I will NOT be using the spellchecker and frankly I'm a bit pissed off it's even in there. There were already spellchecker extensions, why should I have to download it and then make a point of turning it off (there'd BETTER be a way to turn it off)? This seems against the original ethos of Firefox.
- I play second life regularly
- I have played it in the past at least a bit
- I never have yet
- I never have and never will
Off-topic trivia - "z" is worth 10 points in scrabble in English, but only worth 1 point in the Polish edition.
My broadband is fine but I haven't installed SP2.
Why? Because SP1 just works. And I'm happier leaving my computer working fine than risking something breaking. For that reason Windowsupdate always has been and always will be switched off. I am not prepared for some automatic install to bork everything: I use my computer as a DAW, so system setup is pretty important. I heard murmurings on music/production forums that SP2 left people's sequencer / wave editors / plugins broken, and I just wasn't prepared to go for that.
Besides the risk of borking things, there's also the fact that they have a habit of rolling undesired "features" into the security fixes. Like WGA, or the WMP upgrade with added DRM, or whatever. No, I'm really much happier with nothing touching my computer unless I explicitly do it myself...
And for the barrage of people saying "OMG you're irresponsible you're computer is pwned by malware and viruses and its a spam bot". No, it's not. I have a router, I use FF/Thunderbird, I don't download/run britneynaked.jpg.exe, that's all it takes really. And to those saying "how do you KNOW it's not" - well, I run adaware and the like every six months or whatever, and in the last three years they've not come up with anything more "dangerous" than doubleclick cookies.
- bleep.com
- beatport.com
- trackitdown.net/
All sell you drm-free 320 kbps mp3.
Not Safe For Work.
What's DASD?
Yeah, it's done in some places. My most regular forum hangout converts NSFW to the corresponding or markup (can't remember which).
Thanks to you and tuffy for the explanation!
F**k me, that's massive.
You (google) have just given me (everyone) a whole list of vulnerable projects - follow that up with a google search for some identifying feature of the project in the final output ("Powered by BadlyCodedProject v1.01" or whatever) and then a simple bit of "?id=1;%20DROP%20TABLE" url munging and the consequences.... phew...
I suppose on the bright side it also provides a quick way for you to audit OSS tools you were considering using, and if exploitation of these poorly coded systems explodes overnight, it might give an incentive for them to be fixed up all the quicker.
Don't be too offended. "china and india" [sic] got the same treatment.
Much more than McDonalds. Obviously neither of them really resemble a real burger or indeed real food, but BK are considerably closer.
*shrug* then again I'm in the UK, perhaps they serve up completely different fare over there (it's not unheard of).
Brilliant! Please submit this. Seriously!
Oh come on...
Yes, it's gutter press (tabloid), yes (even worse) it's Murdoch, but "entirely fabricated"? "Do not place ANY credence"? I think you're confusing it with the Sport...
The Sun may spin the news to a pro-Murdoch agenda, they may pander to the more distasteful aspects of its readership (xenophobia etc), they may deliver their news in little words of one syllable for the not-very-bright, and they may intersperse their news with boobies and tiresome "celebrity" friffery. But they don't "normally" make up stories altogether, and you can, by and large, assume the basic facts of what they print have a basis in reality.
Are you sure about that?