Slashdot Mirror


User: kris

kris's activity in the archive.

Stories: 0 · Comments: 246

Comments · 246

  1. "write"? on Getting Hacked Through Your Terminal · · Score: 2, Informative

    You do have "mesg n" set, don't you?

    If not, you are attachable by "write " as well.

    And yes, this is very, very old. Many an administrator's open terminal has been taken over remotely using this when I was at university.

    Kristian

  2. Re:This is probably not needed, on IBM Picks Qtopia Over PalmOS And PocketPC · · Score: 1

    I have a first-hand account of a project that used the normal version of Qt, not Qt Embedded. Development was done on Linux, and testing was done on Linux. The resulting code was periodically recompiled on Windows to produce a Windows binary. End users had access to Windows and Linux binaries.

    I have never seen a library that rocks more than Qt. Porting to Windows was almost as easy as a recompile. Things that did not work in the first attempt turned out to be actual bugs at a 90% rate or so. The porting overhead was marginal, at the order of two days for each two months of development.

    Support was done via the Qt mailing lists, and was timely and qualified.

    If you have to do any kind of multiplatform development, you should seriously check out Qt. I recommend it very highly.

  3. How it works without approval on Linux Xbox Project Seeks Microsoft Signature · · Score: 2, Informative

    The XBox's normal operating system is a very much stripped-down version of Windows NT, running in supervisor mode. There is no user mode; applications are running in supervisor mode as well. Any binary running on an XBOX can modify the running system and can overwrite anything on disk.

    The XBOX kernel executes only XBE files. These are XBOX binary files; they are self-contained. They cannot load DLLs or other extensions. Also, the XBOX kernel does not even provide I/O subroutines for controllers or other gaming hardware; the XBE has to bring even these itself in order to play.

    In order to run, XBE files must be signed. Microsoft is the holder of the private key for the XBOX, so in order for your XBE to run, Microsoft must sign the binaries. As of now, they require the source of your application, compile it and sign the resulting binary. So it is not as easy as giving an arbitrary binary to Microsoft and having them sign it in order to subvert the XBOX.

    If you choose not to ask Microsoft up front for signing a chain loader to load a Linux kernel, you'll have to have a genuine game, and have Microsoft sign this. This game must be buggy, and there must be some kind of circumstance where this game turns into something different that can load arbitrary code and execute it.

    The most simple way to have this is to modify the USB controller routines for a game that provides custom controllers such as a steering wheel or something similar. The USB drivers for such a game must have a bug where they accept arbitrarily long USB blocks from the bus, and by accident jump to the head or end of that buffer. Thus, you can build custom USB devices that send about 1 K long USB blocks containing a chain loader and then execute this.

    Your code would not be part of the code Microsoft signs, the flaw would be very innocent in your code, and the actual chain loader would not be signed and thus changeable.

    Currently, there is no key revocation scheme for code that I know of. Thus, MS cannot easily revoke the signature for that buggy game. Also, the maker of the game cannot be directly blamed for making some kind of circumvention device, as there is no actual circumvention in that code, just a flaw.

    MS would most likely build the next generation of XBOXes to contain an updateable list of revoked keys, though, and probably use XBOX online gaming to distribute key revocation lists.

  4. Re:Reputation, Online Communities, and User Number on The Reality of Online Reputation · · Score: 1

    People. Get real. Slashdot user numbers - I mean, how low can you go?

    Kristian

  5. Re:How to prove anything? on Castle Technology UK Ripping off Kernel Code? · · Score: 1

    There is a whole bunch of reverse engineering methods that can be automated and performed on binary code. Team Teso held a lecture on such analysis for the purpose of automated buffer overflow detection and code injection at 19C3 in Berlin this year.

    What they demonstrated was the use of a very small disassembler library, a set of subroutines to isolate basic blocks (blocks of code that are neither source nor target of any jump) and a set of graph algorithms as well as a plotting library. Using this, they were able to generate a pretty characteristic view on code structure and control flow, not exactly identical but very similar to a flowchart diagram of the code.

    Kristian

  6. Re:Behind the times... on Potato Bazookas · · Score: 4, Informative

    No, German kids have always been building things that go boom, as did kids all over the world. It is the German magazine DER SPIEGEL which discovered the topic and decided to make it an issue just now. Seems to fit with the overall mood, US going to war in Iraq and weapons inspections and all.

    Kristian

  7. Learn more about GSM on SMS Messaging Unreliable · · Score: 2, Informative

    The most definitive book on GSM is unfortunately hard to get:

    http://www.amazon.com/exec/obidos/ASIN/0945592159
    The GSM System for Mobile Communications
    Mouly, Pautet

    From the people who worked on the standard.

    Also, note that in countries with a properly working GSM network (that is, almost anywhere except the US), SMS does work just fine despite the fact that it has no reliability guarantee and no maximum delivery time guarantee BY DESIGN.

    Also, most people are using SMS delivery notifications to get information if and when their SMS has been delivered. That is, you get notified by SMS if your SMS has been delivered, with a timestamp, or are notified when your SMS has been delayed or lost, also with a timestamp. Using this backchannel and a simple timeout, reliable SMS delivery and notification can be implemented just as TCP is being implemented on a protocol like IP that just guarantees "best effort" delivery of packets.

    Finally, why is SMS popular? Because it is quiet and it is asynchronous. You do not have to answer the phone in order to receive an SMS, but can handle the issue when you are ready and have the time. In Europe, you do send an SMS for just about everything, unless the matter is urgent and requires immediate attention of the callee.

    Kristian

  8. Flying WLAN party on Wireless Internet Launched on Lufthansa FRA - IAD · · Score: 1

    So, who is going to organize the world's first flying WLAN party from Munich to New York and back?

    Kristian

  9. Team Teso on How Would You Improve Today's Debugging Tools? · · Score: 2

    The Teso people held a superb lecture on reverse engineering and systematically finding security problems in binary code at this year's Chaos Congress in Berlin.

    They demonstrated a way to automatically analyze and segment binary code into basic blocks. A basic block is a segment of binary code that is being executed from top to bottom, that is, it does not contain any jumps out of the block and is not the target of a jump into the code.

    Team Teso then performed graph algorithms and data flow analysis algorithms on the basic block graph their primary tool produced. This is where things get interesting for debugging.

    For example, the teso people were able to trace which basic blocks are being touched during code execution. You can imagine this as a graph of the program where each basic block is a block (node) and each jump is a vertice between the blocks. Upon execution, each basic block is colored as the code is being executed.

    They also were able to reconstruct C program structures from binary, and they were able to reconstruct where data comes from that ends up in a certain buffer in a structure. This allowed them to check for matching buffer sizes automatically (!) and to retrace how to inject data into a program that has mismatching buffer sizes somewhere on the inside. Makes for some very easy, instantaneous exploit generation.

    For more information, have a look at their slides from the lecture.

    Kristian
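    The basic-block splitting and execution colouring described in comments 5 and 9, as an added Python example (not Team Teso's tool and not kris's code): the leader rule used here (a branch ends a block, a branch target starts one) is the standard textbook one, and the seven-instruction toy program plus the tiny interpreter that produces its trace are constructed for the demonstration.

```python
"""Toy basic-block splitter with execution colouring (added example, not Team
Teso's tool; the instruction set below is constructed for the demonstration)."""
from dataclasses import dataclass, field

BRANCHES = {"jmp", "jz"}  # jmp: unconditional, jz: taken when the zero flag is set

PROGRAM = [  # constructed: (address, mnemonic, argument); addresses are contiguous
    (0, "mov", 0),     # r0 = 0
    (1, "cmp", 2),     # zf = (r0 == 2)
    (2, "jz", 6),      # loop exit
    (3, "add", 1),     # r0 += 1
    (4, "jmp", 1),     # back edge to the loop head
    (5, "nop", None),  # dead code: follows a jmp and is never a jump target
    (6, "ret", None),
]

@dataclass
class BasicBlock:
    start: int
    insns: list = field(default_factory=list)
    succs: list = field(default_factory=list)  # start addresses of successor blocks
    executed: bool = False

def find_leaders(insns):
    """Leader rule: the entry, every branch target, and whatever follows a branch or ret."""
    leaders = {insns[0][0]}
    for i, (addr, op, arg) in enumerate(insns):
        if op in BRANCHES:
            leaders.add(arg)
        if (op in BRANCHES or op == "ret") and i + 1 < len(insns):
            leaders.add(insns[i + 1][0])
    return sorted(leaders)

def split_blocks(insns):
    """Cut the stream at each leader, then wire up the control-flow edges."""
    leaders, blocks, cur = set(find_leaders(insns)), {}, None
    for addr, op, arg in insns:
        if addr in leaders:
            cur = blocks[addr] = BasicBlock(addr)
        cur.insns.append((addr, op, arg))
    starts = sorted(blocks)
    for idx, start in enumerate(starts):
        blk, fall = blocks[start], starts[idx + 1:idx + 2]  # fall-through successor, if any
        op, arg = blk.insns[-1][1:]
        if op == "jmp":
            blk.succs = [arg]
        elif op == "jz":
            blk.succs = [arg] + fall
        elif op != "ret":
            blk.succs = fall
    return blocks

def run(insns, max_steps=100):
    """Tiny interpreter for the constructed ISA; returns the executed address trace."""
    by_addr = {a: (op, arg) for a, op, arg in insns}
    pc, r0, zf, trace = insns[0][0], 0, False, []
    for _ in range(max_steps):
        op, arg = by_addr[pc]
        trace.append(pc)
        if op == "ret":
            break
        if op == "mov":
            r0 = arg
        elif op == "add":
            r0 += arg
        elif op == "cmp":
            zf = r0 == arg
        pc = arg if op == "jmp" or (op == "jz" and zf) else pc + 1
    return trace

def colour(blocks, trace):
    """Mark blocks touched by the trace; returns (reached starts, never-reached starts)."""
    owner = {a: b.start for b in blocks.values() for a, _, _ in b.insns}
    for addr in trace:
        blocks[owner[addr]].executed = True
    hit = sorted(b.start for b in blocks.values() if b.executed)
    return hit, sorted(b.start for b in blocks.values() if not b.executed)
```

    Running `colour(split_blocks(PROGRAM), run(PROGRAM))` colours blocks 0, 1, 3 and 6 and leaves the dead block at address 5 uncoloured, which is exactly the view the comment describes.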

  10. Plausible Story? on Prey · · Score: 2

    Well, what do you think?

    Wouldn't evolution have constructed lifeforms of this kind long ago if they were stable and competitive in a natural environment?

  11. Re:Cute, but impractical on 239 MPG Car · · Score: 2
  12. Re:About this concept car on 239 MPG Car · · Score: 4, Informative

    The minimum speed on German Autobahnen is 60 km/h (slightly over 35 mph). There are no sections with a higher minimum speed, but there are sections with three or more lanes where the inner lanes have a minimum speed of 80 km/h (50 mph), whereas the outer lanes are standard German Autobahn. The recommended speed on a German Autobahn is 130 km/h (80 mph), and there is no general speed limit (although many sections have speed limits and the sheer amount of traffic in Germany very effectively limits speed even more).

    The top speed of the Volkswagen 1L car was reported as 120 km/h (75 mph) during its 230 km (140 mile) cruise.

    Volkswagen offers a 3L TDi version of the Lupo right now, which uses standard Diesel fuel available at almost all gas stations in Europe.

    You can bet that security was a top concern for the designers of the 1L Volkswagen as well as for the Volkswagen Lupo 3L. Germany is a country the size of Utah, but with 80 million people living in that area. Also, because there is no general speed limit, speed differences on German Autobahnen are extreme, as there are only two lanes per direction and there is no cruising as in the US.

    Instead, vans and transports crowd the outer lanes at 100 to 120 km/h (60-75 mph), while the inner lanes are occupied by personal vehicles running from 160 to 250 km/h (100-150 mph). If you learned to drive in Nevada or Utah, you might be in for quite an experience.

    Germany requires you to have at least 12 hours of theory (attendance required) and 12 hours of practice before even allowing you to take the driver's exam. After the exam, you are on probation for two years, and about any recorded offense within the probation will see you at a driver's retraining... The cost for the acquisition of a driver's license in Germany runs at about $1000 to $1200 at the moment.

  13. Fuel stations selling them... on 239 MPG Car · · Score: 3, Interesting

    What is interesting is that Diesel for these cars is available in Europe at each and every gas station. 28% of all German cars are diesel cars, with the Volkswagen TDi's being one of the most popular. 3-4 l/100 km are common fuel usages with these, if you are driving sensibly.

    Kristian

  14. Re:Bullshit on EMI Customer Relations Tells It Like It Is · · Score: 5, Informative

    I am German, I read the original Heise post and it is offensive and completely unacceptable. Even if this was the original party line inside EMI, it should never have been sent to a customer this way. Not in German, not in English, not in any other language.

    Kristian

  15. Re:Arrogant, because they can afford to be. on EMI Customer Relations Tells It Like It Is · · Score: 2

    The Mini Disk didn't fail. It's very popular in Japan and in Europe.

    This is not the same Europe I live in. Of all the people I know, there is just one person that actually has a Mini Disk player and that person is no longer using it for various reasons.

    Kristian

  16. Re:Why is PHP so bad? on Yahoo Moving to PHP · · Score: 2

    1. SRM, the script running machine, is a nice and lean application server for PHP. It allows you to easily address the problem of repeated logic, and also a nice Model-View-Controller event-managing logic for your programs.

    2. PHP is bytecode-compiled just like Perl and Java. Using a PHP accelerator like the Zend Cache, that bytecode is kept around in memory for recurring requests.

    3. PHP's approach to OO was limited in Version 3, has been expanded significantly in Version 4 (Sebastian Bergmann has done very nice work in showing which Patterns apply to web programming and how they look in PHP) and will be complete in the upcoming Version 5.

    PHP still is a dynamically typed language, and the approach to programming PHP Version 5 will be much more Smalltalk than C++ or Java, though.

    4. Use XML_Transformer from PEAR or the XSLT abstraction from PEAR to create different layouts for your site, and put your content into XML pages. Cache the result using Cache_Lite or Cache_Lite_Output. Applying different transformations to your source XML will yield different output formats from a single source, and all layout will be contained in your Templates. If you do not like a functional programming language with a limited application domain such as XSLT, XML_Transformer is the tool of your choice: You can define your XML Transformations using all the power of PHP, and this includes incremental transformations, recursive transformations (not available in XSLT), and transformation targets such as PNG images or PDF documents or plain ASCII text.

    5. PHP is like the Borg: It assimilates libraries. Nothing is easier to write than a wrapper around any C library that exposes the library's functionality as PHP builtin functions. If there is a C library for it, it is available in PHP.

  17. HTML and PHP intertwined on Yahoo Moving to PHP · · Score: 2

    The drawback of using a code-in-template system is that your code and HTML output quickly become forever intertwined.

    This need no longer be.

    PHP has in fact a lot of mechanisms for separation of code and content, and I happen to be guilty of adding not only one, but two of them.

    My first stab at the separation of PHP from HTML was a rewrite of the mess that was FastTemplate.class.php at that time, adding the Template class to PHPLIB. This was basically a rewrite and cleanup of the FastTemplate API, later revised by Ulf Wendel and added to PEAR. Now called Integrated Template in PEAR, it is a good base technology for HTML/PHP separation, and can be scaled pretty well combined with Cache_Lite_Output also from PEAR.

    My latest attempt at separation is XML_Transformer, again in PEAR. XML_Transformer tries to do what XSLT does, but without the disadvantage of creating a domain-specific language - it is basically XML transformation specified in PHP and aims to deliver the 80% of features that everybody needs with 20% of the code compared to XSLT. The design of XML_Transformer is heavily influenced by Roxen's RXML (Roxen Challenger, formerly called Spinner, is a very old webserver that had XML transformations long before either XML or XSLT were specified at all) and easily extensible.

    XML_Transformer extensions (called Namespaces) are modular and, written properly, are entirely reusable. Similar to Roxen or Cold Fusion, they implement groups of tags that can be useful in many projects. XML_Transformer will be presented at the PHP Congress in Frankfurt/Main next week.

    Kristian

  18. Cheating and multiplayer games on Using MAC Address to Uniquely Identify Computers · · Score: 2

    There was once a very nice multiplayer game called NetTrek which also had a problem with cheaters on several servers (due to the nature of the game, such clients were called Borg).

    NetTrek addressed the problem of cheating on two levels. At a first level there were official, signed clients for different operating systems. So you had the source and could use your own localized or even borgified client in regular games, if you liked. But in order to participate in league games, you had to use their approved binary. That helped a little, but of course it would still be possible to write a borg client that parsed the X11 output of a signed binary and synthesized X11 events.

    The other level at which NetTrek addressed the Borg problem was much smarter, though: The game server tried very hard not to send information to the client that the player should have no knowledge of. So one could borg an aimbot or other targeting helps, or write macroborgs that fire complicated predefined sequences of moves, but one could not reveal maps or otherwise gain more information than what was visible on screen anyway.

    I'd like very much to hear what has become of the original NetTrek designers, and what modern games are doing in order to prevent cheating. Are these techniques still usable?

    Kristian

  19. Re:Maybe not such a bad thing.... on Using MAC Address to Uniquely Identify Computers · · Score: 5, Insightful

    However, the majority of people don't know how to reset their MAC addresses.

    Welcome to the digital age, where knowledge can be crystallized into programs, and where the majority of people will soon be able to re-enable their access to the gaming server by running some magic program without ever knowing what a MAC address is.

    Kristian

  20. Pulling a Qt on RMS Weighs In On BitKeeper · · Score: 5, Insightful

    Normally I do not agree with RMS at all. In this particular case, though, he is flat out right.

    BK is infrastructure for the kernel development. This is not something that you happen to rip out and replace on a moment's notice in case the license changes to something unacceptable. Changing infrastructure is a painful process in which more often than not valuable metadata is lost and in which you have to change processes and retrain people.

    In fact, this is precisely the reason why Linus is still using BK despite the controversial license: Convenience vs. da pain of changing.

    Now, consider the license change BK put through, and what it mandates: It basically says that you cannot use the free license for Bitkeeper to use Bitkeeper for anything including Kernel development if you or your company happen to work on a version control system.

    Can Bitkeeper legitimately impose such license restrictions? Yes, they can - it is their product and they can do whatever they fucking want with it.

    Is such a license acceptable for Linux kernel development? Not at all. Despite the fact that there are Bitkeeper-to-CVS and Bitkeeper-to-Subversion and Bitkeeper-to-tgz-Gateways all over the place now, Non-BK users are second class citizens in Linux kernel development. They do not have realtime access, and they do not have proper access to BK metadata at all. Also, patch submissions that do not come in via BK are treated worse than patches that come in via BK - Linus and friends may say they aren't, or they aren't intentionally, but they are - again matters of convenience and infrastructure working against Non-BK users.

    Switching from BK to a different system becomes harder the longer you use it, because the system accumulates metadata and processes center around BK - the infrastructure mechanics I explained above at work.

    Finally, is this situation sane at all? That is, is there at least one party that wins because of this license change?

    Well, the people who cannot use the free BK license are certainly not winning. They are shut out and have to use second-class systems to contribute to the kernel. Their enthusiasm and energy that could be used for Linux kernel development is diverted to integrating into a principally broken infrastructure.

    The Linux kernel development process certainly is not winning at all. There is war and bloodshed on the list, and people are switching or turning their back on kernel development out of principle, others defend Bitkeeper out of purely technical reasons, shutting out all the process problems and political outrage BK creates.

    Bitkeeper, the company, certainly isn't winning either. They created this license in order to discourage the development of BK alternatives. Well, that backfired big time. I couldn't have devised a better Subversion promotion campaign than this particular license change.

    Basically, BK has pulled a Qt. That is, they created a great product that is important infrastructure for other projects, with a license that is unacceptable for many people. This is just what Qt was in the beginning of the KDE project: a truly great product in a pivotal infrastructure role for an important project (the Linux Desktop). And just like the license to Qt forced many people to create an alternative to Qt, spawning the Gnome desktop, the BK license change will be a great incentive for many to work on Subversion, Arc and related projects.

    So BK actually achieved the opposite of what they intended with the license change.

    Is there any other party that might be winning? Well, yes. Microsoft. But you already knew that. And hey, they even have a version control system.

  21. This will drive many people insane... on Red Hat Explains Stance on KDE/Gnome Desktop Changes · · Score: 5, Insightful

    The idea is: What looks the same behaves the same.

    Which is not the case with current Gnome and KDE. And probably never will be.

    I have different desktop themes and backgrounds at work and at home for a reason. My mind and my fingers automatically switch passwords and procedures, because without conscious effort I recognize the different environment and switch to different trained behaviour. Also, the few Gnome programs I am using look decidedly different than the KDE stuff I am using, and this helps a lot. Looking different, I do not expect the Gnome stuff to operate like the KDE grouping around it, and automatically treat it differently.

    Kristian

  22. TECFLUX on Undersea Deposits of Frozen Methane Found · · Score: 2

    More information on Methane Hydrates on the continental shelves can be found at TECFLUX at Geomar. Find the photo galleries here.

    The TECFLUX (TECtonically-induced FLUXes) project is a German-American effort dedicated to the long-term study of continental margin gas hydrates on Hydrate Ridge, Oregon. This multi-stage research project was based on more than a decade of research on the Oregon accretionary margin and on recent results from Sonne cruises 109 and 110. During these cruises massive hydrate deposits were recovered from near-surface sediments, and sites where fresh water and methane gas from hydrate decomposition were documented. This newly discovered site lies less than 50 miles due west of Newport, OR, making it very accessible for detailed study. This setting is a perfect natural laboratory for the study of hydrate formation and decomposition in continental margins.

  23. Camera filter on Polarized Screens to Hide Sensitive Data · · Score: 2

    Of course, anybody with a proper camera may be able to take photographs from your screen.

    Most people with expensive camera equipment add a polarizing filter to their glassware in order to protect the lens. The filter will kill some nasty reflections and improve colors, and is much cheaper to replace than the actual unprotected lens should it become scratched.

  24. Terrorist == Modewort on Uncloaking Terrorist Networks · · Score: 2

    Mapping social networks has been done before 9/11, of course. Same with biometry, retinal scans ("Retinal scan, Xander!") and similar things.

    But since 9/11, the T word is placated over anything to further interest into particular subjects, independent of the practicality of the idea or its actual field of use.

    The german term for this is "modewort" ("in word"?).

  25. Why the hassle with the EDIT field? on Shattering Windows · · Score: 2

    Why the hassle with the edit field? As far as I can see, code is being executed within the address space of the security relevant process by receiving WM_TIMER or any other message that accepts callback addresses.

    So any method to inject code into the target address space is okay, even writing the exploit into configuration files, registry keys, or sending it in network packets so that it ends up in any input buffer. Just send the WM_TIMER to activate it.