Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:The big news here is (Score 1) 466

Um, Apple has tested each iPhone outside of the lab. I remember seeing some pictures of the original iPhone being used on Caltrain way before release and shortly after it was announced. Of course the person using it didn't know they had their picture taken using it.

This is just the first time that Apple lost any of the devices.

The connectivity issues with the iPhone are not because of the device, its because of the awful AT&T network.

Comment Re:Sadly nothing new with Wordpress (Score 1) 112

Nope, it works perfectly. 1 is the execute bit, which when applied to a directory allows you to read a file from inside that directory ONLY if you know the absolute path to the file. However, since the parent is 701 you can't find out what that unique directory name is without already knowing it.

Apache can read this because its looking for index.php inside that vhost's DocumentRoot. Now, you might be asking ... well, just look at the vhost and grab the DocumentRoot from there. You can't, the directory that contains the vhost files is also set to root.root 700. Apache can read this at start up before it switchs to a non-privileged user.

Here, try this out:

mkdir -p /web/blog1/abc/
mkdir -p /web/blog2/def/
mkdir -p /web/blog3/ghi/

chmod 701 /web/blog1
chmod 701 /web/blog2
chmod 701 /web/blog3

chmod 701 /web/blog1/abc
chmod 701 /web/blog2/def
chmod 701 /web/blog3/ghi

touch /web/blog1/abc/index.php
touch /web/blog2/def/index.php
touch /web/blog3/ghi/index.php

Now, try an ls of /web/blog1 you will get a Permission denied. You can't find out that unique directory name inside /web/blog1 without already knowing it, which Apache does. However, you can do a ls /web/blog1/abc/index.php

Wordpress doesn't need to look at files inside those directories so its ok. It also gets its current running (DocumentRoot) from PHP (which is being passed via environment variables) so everything works as normal.

Even lsof won't show what directories are currently open. /proc won't list it either, as those files won't allow you to read about those processes as a non-privileged user.

I am not quite sure what you are trying to accomplish security wise by mounting those with noatime. That's a performance benefit.

Comment Sadly nothing new with Wordpress (Score 3, Informative) 112

I have been dealing with a large number of Wordpress installs in the past 2 years and I am hear to tell you this is NOTHING new. This is a very common attack that is being used and its hard as shit to find. Sometimes they embed it in Javascript, sometimes its in PHP. Sometimes they encode the PHP or Javascript in base64. Sometimes they have it binary encoded inside image files. They go to great lengths to hide the code.

There is also a large number of free themes out there that come with this crap included. You can typically find it by looking at the footer include file. Look for a large base64 string. Most people ignore those because there are a number of developers who find it amusing to put that crap in their footers that if removed it will prevent the theme from working. Sure, I understand they want to prevent people from removing their credit but come on. Its leading to security issues across the board.

The only thing that I have found that helps limit these attacks is to only make the wp-content/uploads directory writable by the webserver. Everything else is owned by the user or root. To take things further, each install is placed inside a unique directory name that is chmod'd to 701 (its parent is also 701). If an attack manages to crack one install, they can't just attack another by going through the file system.

Not trying to trash Wordpress here, its just too popular and they have had a number of security mistakes in the past. Wordpress installs require a lot of maintenance to keep up to date. Wordpress makes it easy on attackers by listing the version number right in the damn HTML. Sure, they say that it doesn't matter because people can figure it out anyway. But hey, why not just leave your house unlocked at night. Attackers are just going to get in anyway.

Comment Time to look for a new job (Score 1) 1019

Music makes me code faster. When I am going into a code grind I will pop in some electronic music and start kicking some ass. The repetitiveness of the music really helps me with writing some of the same statements over and over. It also gives me a flow to keep up with. This type of music also makes it easy to tune out when I am working on a more critical section of the code.

If I was told tomorrow that I am not allowed to listen to music at work, I would immediately without even thinking twice start looking for a new job. It really sounds like this is the type of boss who would complain about me taking a 5 minute break to read Slashdot or whatever. Not the type of company I would work for. Treat your employees like humans not slaves, and you will get far more productivity out of them. Humans need a few minutes of casual browsing to help break up the day and reset them selves for the next steps in a project.

I couldn't work in an office that was completely silent. That's more distracting then anything and would drive me crazy.

Now of course I use headphones all the time. It would be very distracting to be forced to listen to a style of music that you aren't into. All coders are into different styles of hacking music. I know some that are into speed metal where others are into classical. Whatever works for ya.

When I am at home (working on my own projects) I will generally have a movie playing on the other screen. For the most part I don't really watch it except for the really cool action scenes. I watch movies that I have seen a number of times so I don't have to watch every little part.

A wise man told me once that you shouldn't look for a good job, look for a good boss.

Comment The game industry needs a shakeup (Score 1) 221

When I see things like this, I know its a game I won't be playing. I will NOT spend additionally money on a game after I purchase it. World of Warcraft is slightly different in its subscription fees. But, everyone who pays the $13 a month gets the same game. Not different tiers of things depending on how much you spend.

EA is going to be in some serious trouble if they think this will work well as a long term business plan. As it is, I generally don't buy EA games anymore because most of the games they produce are cloned out versions of the same game over and over. Not to mention the quality of the games is piss poor. Command and Conquer vs Warcraft or Starcraft ? EA can't touch Blizzard with a 10' pole here. I will always buy a Blizzard game over EA because they are quality.

EA is going to be in serious shit if they continue down this road.

Comment I forgot what seasons are (Score 1) 451

Since I moved to San Francisco, I kinda forgot what seasons are. The winter time gets colder, but not nearly cold enough for snow or anything. I don't see leaves falling, since well ... there are very few trees to actually see. The summer time doesn't heat up like other places, it gets a tiny bit warmer and 2 weeks of hotter weather. Can you call 2 weeks a season ?

Comment Re:No one can stop the x86 train... (Score 1) 272

I seriously doubt Windows is running on 96% of netbooks. Microsoft might be _selling_ on 98% of them but that is because its near impossible to get a good one that doesn't have Windows pre-installed. I am getting a MSI Wind U100 next week and I am sure as hell not using Windows on it. It comes pre-installed but I won't even boot into it. I am going to install Ubuntu and OS X on it.

Comment Fuck IE6 and fuck people who use it (Score 1) 531

By using IE6 you are personally responsible for holding back innovation. Countless development time is wasted supporting the completely broken browser. If the company you work for is still using IE6, then they are a serious problem. Well, personally I would never work for a company that is a Windows shop, but that is a whole other story.

All my development supports modern browsers only. If you can't or won't upgrade, then too bad ... its not my problem. The percentage of IE6 users against all my sites is very low, sub 10% of users. But even if it was 25% or more ... it still wouldn't cause me to waste precious development time on a pile of shit browser.

When you visit some of my sites you are given a warning that the site will be broken in IE6 and that you need to upgrade.

This is what happens when you get in bed with Microsoft, you will get screwed in the end.

Comment Re:question: (Score 4, Interesting) 307

They are really going to destroy the language with this idea. Its a *VERY* bad design decision, and they really don't care what the community thinks of it. People suggested using ::: ... that claim its too many characters to type. Ok, how about : or . or one of the other suggestions.

The decision was made in IRC without any community input. People are very unhappy with it, and they don't care. It almost makes me embarrassed to be a PHP developer.

Maybe with some luck, a competent development team will fork it.


Submission + - Boxee forced to remove Hulu (boxee.tv) 1

SnapperHead writes: "Two weeks ago Hulu called and told Boxee their content partners were asking them to remove Hulu from boxee. Boxee tried (many times) to plead the case for keeping Hulu on Boxee, but on Friday of this week, in good faith, Boxee will be removing it."

Comment Only 2 possibilities (Score 1) 873

There are only 2 possibilities of why she would push so hard for it:

1) She has no technical knowledge at all and/or not even a basic understand of how the internet works. Just another Ted Stevens.

2) She is being bribed or blackmailed but some ISP.

Nobody in their right mind would want to support this kinda of action unless they are being paid off. Its flat out ludicrous.

Comment Panic:coda (Score 1) 1131

I have recently become a fan of Panic:Coda (http://www.panic.com/coda/). I used to use Komodo, which is really nice but just too damn slow to load up and has a ugly UI. Using an editor all day long, it needs to look nice and work well. Coda doesn't have all the features, but its very stable.

Slashdot Top Deals

You can tell the ideals of a nation by its advertisements. -- Norman Douglas