SVN Server Admin Issue: Fix It!
My Clippings September 25th, 2009 by System
Automatically pulled from Google Starred
    |
A few months ago, Anton Isaykin in collaboration with the company 2comrades discovered a serious security problem that is quite typical of big projects (we do not name names here). To test it, they obtained the file structures and even the source code of about 3320 Russian websites and some major English-language websites. Serious problems like this aren’t supposed to exist nowadays. Every serious or visible exploit is found and fixed quickly. But here we will show you something simple and ordinary yet quite dangerous.
What Is It?
Almost every developer has used or is using a version control system such as SVN. SVN is an advanced tool for managing source code and is used by teams consisting of anywhere from two to hundreds of developers. In its architecture, SVN stores some meta data in a hidden sub-directory (called .svn) of every directory. One of the files in there, named entries, is a list of all of the files and directories contained in the folder where .svn is located.
It also has a link to the repository itself, developer log-ins, file sizes and dates. That’s a problem right there, isn’t it? So, if a project was developed using SVN, we could go to draftcopy.ru/.svn/entries and see the project’s root file structure, with all of this information.
And we could go even further. In the same .svn directory are some text-base directories containing the latest versions of all project files. Moreover, these files carry the non-standard extension .svn-base (for example, index.php.svn-base). So, the files are not run in PHP, Ruby, Python or Perl but are displayed outright!
http://draftcopy.ru/.svn/text-base/index.php.svn-base
We should note that not all websites use SVN this way. We were not able to get the source code in every case.
When we realized that this problem has persisted for almost nine years, we decided to create a crawler to check websites with Russian top-level domains and major .com websites to collect some statistics. But before we report this, let’s go over how to prevent such a thing from happening to your own project.
How To Defend Yourself
You can solve the problem in different ways. The simplest solution is to deny access to SVN meta data directories from port 80 using a Web server configuration.
Tags: apache, email, Google, Information, IO, Javascript, php, script, security, way, XP
WidgetPad: web development for iPhone apps
My Clippings September 20th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Filed under: Internet Tools, Open Source, Developer
Sorting through the tips inbox, we encountered a new product that is coming out for the iPhone next week. It’s not an app, game, or anything we “normal folk” would use but it looks to be a great open source, web-based development platform for iPhone.
WidgetPad allows web developers to create iPhone applications using only their knowledge in web-based code. The software allows you to write your applications using web-based code and then transfer them to standalone apps for the iPhone or iPod touch.
We’re being told that the iPhone is only the beginning; the software will eventually translate to other smart phone platforms so that developers can quickly and easily export their applications for other app stores without re-writing the code. Here are some quick highlights:
- Create web-based applications that utilize each phone’s hardware capabilities.
- The environment includes and helps you learn HTML 5.
- It’s all open source. If you want another feature, you can help the development team create it.
- Each application is written within the software and can be publish directly to the iPhone (more platforms soon).
- Source code editing for Javascript, HTML 5 and CSS (with syntax highlighting).
- No additional software – all of the work is done directly from your browser.
I am not a developer, but I do some web design on occasion. I find it very interesting that I could create an iPhone application without learning Cocoa Touch and the Objective C language. I imagine that porting these apps to Palm’s WebOS would be quite simple since it’s already running a form of web-based code for its applications. If this software works well, we could not only see an increase in the already thriving iPhone developer world, but the smart phone app world as a whole. If you end up taking the leap, let us know what you find. We’ll keep you updated and let you know our results in a later post.
TUAWWidgetPad: web development for iPhone apps originally appeared on The Unofficial Apple Weblog (TUAW) on Tue, 15 Sep 2009 18:00:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Go to Source
Blumentals WeBuilder 10.0 RC2 & 9.52
My Clippings September 20th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
HTML, CSS, JavaScript, VBScript, PHP, ASP, SSI, WML, Perl editor without installation.
WeBuilder includes all features of HTMLPad, Rapid CSS & PHP.
Download Portable WeBuilder 10.0 RC2 on RapidShare (7.2 MB)
(md5: 3770d2fa3193c6a823d0a4497ced2ffd)
Download Portable WeBuilder 9.52 on RapidShare (6.5 MB)
(md5: 56b73ce8db6fd489202493807f2d9ef8)
Extract and run WeBuilderPortable.
PHP 5.2.11 will be downloaded if you check PHP Interpreter (Preview php page)
Tools/Preview In/Portable Firefox, Netscape or Opera if found.
Settings of installed WeBuilder should be preserved.
Midori – a lightweight Webkit-based browser – lands on Windows
My Clippings September 14th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Filed under: Windows, Linux, Open Source, Browsers
It’s important to note that Midori is still in the alpha stage – recently hitting 0.1.10 on Linux and the Windows binaries now on 0.1.8. If you’re after absolute stability, Midori might not be your thing. I experienced the occasional crash while playing with the interface, though it was plenty stable while surfing and utilizing web apps.
With the same six tabs open in Midori and Firefox 3.5.3 – including GMail and two javascript-heavy web apps – Midori used about 80Mb less memory, peaking at about 99Mb total. The browser doesn’t quite have Chrome’s rendering zippiness, but it’s still respectably fast.
So what else can Midori do? Apart from the expected features like tabbed browsing, and bookmark and history management it’s got support for Userscripts, Userstyles, the Netscape plugin architecture, and extensions. Search options can be customized as well and you can assign a token (i.e. preface with g to search with google).
Want to learn more about Midori yourself? Check the FAQ over at XFCE.org or download it yourself and take Midori for a spin!
Midori – a lightweight Webkit-based browser – lands on Windows originally appeared on Download Squad on Mon, 14 Sep 2009 13:30:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Sponsored Topics:
Google Chrome – Google – Midori – Mozilla Firefox – Browsers
Go to Source
Tags: email, gmail, Google, Inc., IO, Javascript, Linux, php, script, wind, XP
How to Build a Web Site from Scratch with No Experience [Feature]
My Clippings August 14th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
I took one (bad) computer science class in college, and I’m not a web developer. So in early 2008, when I decided I was finally going to build a web site I’d been fantasizing about for years, I was starting from scratch.
It’s Back to School week here at Lifehacker, and while we’ve been focusing much of our attention on the college-bound, we consider education a life-long endeavor. With that in mind, here’s a rundown of how I went from zero to a fully functioning, semi-successful web site in one year.
The site I had been dreaming of making ultimately became MixTape.me, a web-based music player where users can quickly create and share playlists with friends (see video above). This post isn’t about how great MixTape.me is (I love it, but it’s probably not the Next Big Thing), nor is it a snake oily, magic-pill-style guide to making your dreams come true. It’s more about how to make something you love in your spare time, even if that means you’re going to have to—*gasp*—work for it. It’s also just my experience. Your mileage and preferred path may vary. So let’s get started.
1. You Need a Goal and a Good Idea
Actually, rather than simply a good idea, what you really need is an idea you’re passionate about. (Presumably you won’t be passionate about a bad idea.) For my part, I wasn’t happy with any of the online solutions for making and sharing playlists online, and I had an image of one in my head that I was in love with. I was really excited about the idea, so spending time learning, researching, and working on it in my spare time was almost always a lot of fun—even when I was banging my head against the wall trying to figure out why something wasn’t working.
I had wanted to build MixTape.me years ago, and I even started a couple of times but ran out of steam. (It’s not always going to be easy balancing a full-time job with a side project, no matter how excited you are about it.) By January of 2008, starting and finishing the web site was my number one long term goal for the year. Not for the month. Not for the first six months. For the year. I knew this was going to take a lot of time, and I gave myself plenty of time. (Setting a goal a year in advance is serious business, but if it’s a goal that you consistently work toward through an entire year, reaching that goal by the end is seriously rewarding.)
Tags: AdSense, amazon, Apple, Build, flash, Google, IO, Javascript, Photo, script, video, way, XP
MailTo Encoder hides your email address from spambots
My Clippings August 4th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Filed under: Utilities, E-mail
Spam is a problem nearly as old as email itself. Sure, it’s 2009, but posting your email address on your website is still likely to invite spammers to let you know about the latest Viagra and Cialis deals. MailTo Encoder uses a bit of Javascript to obscure your address from spambots, while leaving it readable to actual humans.
From the user’s perspective, email links look exactly they way they normally would. The encoding and decoding all happen behind the scenes, thanks to some easy Javascript you can cut and paste. MailTo Encoder is a decent solution that gets the job done with minimal effect on the user experience, and it might beat setting up a contact form on your website.
MailTo Encoder hides your email address from spambots originally appeared on Download Squad on Tue, 04 Aug 2009 12:00:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Tags: email, Javascript, mailto, Spam, XP
MooTools Tutorials and Resources Round-Up
My Clippings July 28th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
   |
MooTools is a JavaScript framework that focus on being flexible, modular and compact. While still not on par in number of resources with other JavaScript frameworks such as jQuery, the MooTools community has generated a large number of articles, tutorials and third party plugins that can be considered and mature and sophisticated enough for most needs.
A word about MooTools
One of the core principles of MooTools is to provide a better application programming interface for JavaScript developers, making the language better by extending its native elements and providing more concise object oriented utilities.
As a consequence of that, some people may be inclined to think that MooTools treats browser scripting as a less important feature. Indeed, MooTools is not a DOM scripting toolkit, but the whole purpose of making JavaScript better is that developers have a more solid base over which to create readable, robust, reusable browser scripting libraries.
Articles/Tutorials
Starting points
The official documentation
A really good and complete documentation. It has a very intuitive format that makes it both an excellent reference and tutorial.
jQuery vs MooTools
A mature discussion on the differences between jQuery and MooTools.
MooTools for the non-programmer
A three part series of tutorials about MooTools targeted at non-programmers:
The MooWalkthrough
A wiki-based walk through MooTools intended to introducing the library.
The MooTorial
A collection of tutorials to guide MooTools’ newcomers.
MooTools classes
A basic view on MooTools’ use of classes and how it compares to other approaches.
Natives and Elements
Explains what are native types in JavaScript and how MooTools extends and provide means for anyone to extend their functionality. It also explains the Element class.
Select and create elements
Tutorial on how to select specific elements as well as how to create and insert new elements on the page.
30 days of MooTools
A series of tutorials about key features in MooTools. (It is still incomplete – it currently has 23 tutorials)
- Intro to the Library
- Selectors
- Intro to Using Arrays
- Functions
- Event Handling
- Manipulating HTML
- Set and Get Style Properties
- Input Filtering Part I – Numbers
- Input Filtering Part II – Strings
- Using FX.Tween
- Using Fx.Morph, Fx Options and Fx Events
Tags: css, email, Extract, flash, Javascript, Mac, Photo, Printing, video, wind, XP
JavaScript MailTo Link Generator
Code July 13th, 2009 by Shai Perednik
Very usefull javascript generator for creating complex mailto links.
jsCode.com :: JavaScript MailTo Link Generator.
Tags: email, Javascript, mailto
15+ handy bookmarklets to power up any browser
My Clippings July 9th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Bookmarklets can be incredibly handy. If you use multiple browsers, they’re a great way to ensure you don’t lose any of your favorite functions when switching back and forth. Maybe your browser doesn’t support extension or there aren’t many in the wild for it just yet – bookmarklets can provide many of the same functions.
Here are ten that I find particularly handy. If you’ve got a favorite, feel free to share the link in our comments!
BitLet [site] – Creates bitlet.org links from .torrent links for downloading without a client. Works nicely on popular sites like Mininova and TPB, and should work anywhere you find torrents.
Bugmenot [site] – Want to read an article on a site that requires registration? This one taps Bugmenots database for shared usernames and passwords so you don’t have to sign up.
Capture with Aviary [site] or Kwout [site] – Aviary offers some excellent browser-based image editing tools. Wait about 20 seconds for Aviary to capture your current page, and it will then open in their editor. Kwout is more lightweight, and is handy for quick, small captures (600px max) and sharing via Twitter, Facebook, Flickr, and more.
Continue reading 15+ handy bookmarklets to power up any browser
15+ handy bookmarklets to power up any browser originally appeared on Download Squad on Thu, 09 Jul 2009 11:00:00 EST. Please see our terms for use of feeds.
Permalink | Email this | Comments
Go to Source
Tags: Bookmarklets, email, Javascript
Speed test comparing iPhone 3G, 3GS, and Palm Pre has surprising results
My Clippings June 25th, 2009 by System
Automatically pulled from My Clippings on NewsGator Online
Filed under: iPhone
Gadget fans can fight endlessly about which device is faster than which, without resolution or relief. Fortunately for the weary, Medialets has found common ground between a few of the most popular smart phones to use as a racetrack.
According to Medialets, there is a common benchmarkable technology — JavaScript execution in a WebKit-based browser — that runs across four of the most popular phones: the iPhone 3G, the iPhone 3GS, the T-Mobile G1 with Android, and the Palm Pre. By running a benchmark test called SunSpider it is possible to obtain a rough speed comparison between all four devices.
The test was run on six different configurations: Safari on the 3G with iPhone OS v2.2.1, the 3G with OS v3.0, and the 3G S with OS v3.0; “Browser” on the T-Mobile G1 with Android OS v1.5; and “Web” on the Palm Pre with Web OS v.10.2, with a run of Safari 4.0.1 on a MacBook used as a baseline. Read on for the graph of the results.
Continue reading Speed test comparing iPhone 3G, 3GS, and Palm Pre has surprising results
TUAWSpeed test comparing iPhone 3G, 3GS, and Palm Pre has surprising results originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 25 Jun 2009 07:15:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Go to Source
Tags: Apple, email, ISO, Javascript, Mac
