History of the Free Software Movement
Saturday, September 29th, 2007
Found an interesting read over at O'Reilly's website:
The GNU Operating System and the Free Software Movement, by Richard Stallman.

Something every PHP developer should be reading:
The Unexpected SQL Injection – When Escaping Is Not Enough
The conclusions:
Like my rule #1 of what I like to call Defensive Coding: Don't be implicit, be explicit. In other words, don't try to escape the things you don't want in your strings; leave only the things you do want in your strings. A column name in an ORDER BY clause should only consist of A-Z, a-z and 0-9. Anything else in the string invalidates that string.
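The rule above applied to an ORDER BY column, as an added example (not code from the linked article or from this post). The `users` table, its columns and the helper names are assumptions, `addslashes()` stands in for whatever string-escaping call the application uses, and the check against a list of known columns goes one step beyond the character rule stated above.

```php
<?php
// Added example: allowlist validation for an ORDER BY column name.
// Table name, column names and inputs are constructed for illustration.

// Accept only A-Z, a-z and 0-9; anything else invalidates the string.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
function is_valid_column_name($name)
{
    return is_string($name) && preg_match('/\A[A-Za-z0-9]+\z/', $name) === 1;
}

// Build the query only from a validated column name, and additionally
// require the name to be one of the columns the table really has.
function build_order_by_query($column, array $known_columns)
{
    if (!is_valid_column_name($column) || !in_array($column, $known_columns, true)) {
        throw new InvalidArgumentException('Invalid sort column');
    }
    return "SELECT id, name FROM users ORDER BY $column";
}

$known = array('id', 'name');

// Constructed inputs. The second and third contain no quotes or
// backslashes, so an escaping function returns them unchanged even
// though they would alter the structure of the query.
$inputs = array('name', 'name DESC, id', 'id -- ', "na'me");

foreach ($inputs as $input) {
    $escaped = addslashes($input); // stand-in for a string-escaping call
    printf(
        "input: %-18s escaped: %-18s ",
        var_export($input, true),
        var_export($escaped, true)
    );
    try {
        print(build_order_by_query($input, $known) . "\n");
    } catch (InvalidArgumentException $e) {
        print("rejected\n");
    }
}
?>
```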
I was implementing a plugin system for a framework I'm writing, and I needed plugins to be able to register a callback function or method with the Plugin Manager so that the callback function would get called when a signal was emitted. Here's a very stripped down version of what I ended up with:
<?php

// Sample callback function
function callback_function() {
    print("callback_function()\n");
}

// Sample class with static and non-static callback functions
class Callback {
    // Sample callback method in a class instance
    public function callback_method() {
        print("Callback->callback_method()\n");
    }

    // Sample static callback method
    public static function callback_method_static() {
        print("Callback::callback_method_static()\n");
    }
}

// Hook class with which you register callback functions and methods
// which will be called when you call the emit() method.
class Hook {
    private $callbacks = array(); // All the registered callbacks.

    //
    // Register a function/method as a callback function.
    //
    public function registerCallback($callback) {
        $this->callbacks[] = $callback;
    }

    //
    // Run all the functions/methods registered as callbacks.
    //
    public function emit() {
        foreach($this->callbacks as $callback) {
            call_user_func($callback);
        }
    }
}

// Create a hook class instance with which we will register our
// callbacks.
$hook = new Hook();

// Instantiate the sample callback class.
$callback = new Callback();

// Register all the sample callbacks with the Hook class instance.
$hook->registerCallback('callback_function');
$hook->registerCallback(array($callback, 'callback_method'));
$hook->registerCallback(array('Callback', 'callback_method_static'));

// Make the Hook class instance call all the registered callback
// methods.
$hook->emit();

?>
First, we set up some sample callback functions and methods (callback_function(), Callback->callback_method() and Callback::callback_method_static()). Then we define the Hook class with which we can register callback functions. Finally, we register our sample callbacks with the Hook class and emit the 'signal'.
Right now, there's only a single signal (or no signal at all, depending on how you look at it), but that's easy to implement. The magic basically is in the emit() method of the Hook class. It iterates over the registered callbacks, which are kept in nothing more than an array containing either strings for function callbacks or arrays for static and non-static callback methods. It then calls those using the call_user_func() function.
All this results in the following output, when run:
callback_function()
Callback->callback_method()
Callback::callback_method_static()
Nothing fancy, and I must have implemented something similar a gazillion times, but I thought I'd share it with you all.
I'm off to Dublin for a couple of days. Be back on the 25th. Ahoy mateys!
'Tis that time o' the year again, me hearties! Yarrr! Now, where's me grog?
The Chinese government has outlawed the practice of reincarnating for Buddhist monks in Tibet without their permission.
In one of history's more absurd acts of totalitarianism, China has banned Buddhist monks in Tibet from reincarnating without government permission. According to a statement issued by the State Administration for Religious Affairs, the law, which goes into effect next month and strictly stipulates the procedures by which one is to reincarnate, is "an important move to institutionalize management of reincarnation." But beyond the irony lies China's true motive: to cut off the influence of the Dalai Lama, Tibet's exiled spiritual and political leader, and to quell the region's Buddhist religious establishment more than 50 years after China invaded the small Himalayan country. By barring any Buddhist monk living outside China from seeking reincarnation, the law effectively gives Chinese authorities the power to choose the next Dalai Lama, whose soul, by tradition, is reborn as a new human to continue the work of relieving suffering.
From Wikipedia's article on the Dalai Lama:
Despite its officially secular stance, the government of the People's Republic of China (PRC) has claimed the power to approve the naming of high reincarnations in Tibet. This decision cites a precedent set by the Qianlong Emperor of the Qing Dynasty, who instituted a system of selecting the Dalai Lama and the Panchen Lama by means of a lottery which utilised a golden urn with names wrapped in barley balls. Controversially, this precedent was called upon by the PRC to name their own Panchen Lama. The Dalai Lama and the majority of Tibetan Buddhists in exile do not regard this to be the legitimate Panchen Lama. The Dalai Lama has recognized a different child, Gedhun Choekyi Nyima, as the reincarnated Panchen Lama. This child and his family have been taken into 'protective custody' according to the PRC, and all attempts by members of the EU parliament and US government to garner guarantees of the family's safety have been denied by the PRC. There is some speculation that with the death of the current Dalai Lama, the People's Republic of China will attempt to direct the selection of a successor, using the authority of their chosen Panchen Lama.
The current Dalai Lama has repeatedly stated that he will never be reborn inside territory controlled by the People's Republic of China, and has occasionally suggested that he might choose to be the last Dalai Lama by not being reborn at all. However, he has also stated that the purpose of his repeated incarnations is to continue unfinished work and, as such, if the situation in Tibet remains unchanged, it is very likely that he will be reborn to finish his work. Additionally, in the draft constitution of future Tibet, the institution of the Dalai Lama can be revoked at any time by a democratic majority vote of two-thirds of the Assembly. The 14th Dalai Lama has stated, "Personally, I feel the institution of the Dalai Lama has served its purpose."
I finally found a good Bittorrent client for Debian. Freeloader. The original homepage doesn't appear to be live anymore, so perhaps it is unmaintained. But, it's written in Python, so if I need some functionality that it doesn't have, I can just add it myself. Here's a screenshot:
Things that are missing (which I'll probably add myself):
NU.nl reports on an (English) report about the safety of the web. In it, CA reports:
Browsers are one of the most commonly used applications today. Many people believe that Mozilla Firefox is more secure than Microsoft Internet Explorer, but their vulnerabilities are on par. In the first half of 2007, NIST reported 52 vulnerabilities in Internet Explorer of which half were medium or high severity. And there were 53 vulnerabilities reported in Firefox of which almost half were medium or high severity.
The numbers are climbing. In 2006, 96 vulnerabilities were reported in Internet Explorer and 103 reported in Firefox.
Even less popular browsers have more security holes. More than double the vulnerabilities have been reported in the Opera browser. NIST reports 14 vulnerabilities this year versus seven last year, and more than half of this year vulnerabilities are medium or high severity.
Apple Safari has 19 newly reported vulnerabilities this year nearly twice the number reported last year, and half of them are medium or high severity.
When will researchers understand that the number of vulnerabilities reported / fixed is not a good way to determine how secure an application is? The problem is either that these people don't understand software development, or that these people wish to back up their pre-determined claims with hard evidence, so they start looking at reported vulnerabilities. It doesn't work that way, unfortunately. There are way too many variables not accounted for:
In defence of CA, their report doesn't specifically say that Internet Explorer, Safari, Firefox or whatever is more secure than the other. They just imply it. As usual, media outlets are twisting the view on reports in order to make for better news and scare-mongering.