From mikesz at qualityadvantages.com  Mon Oct  6 21:03:32 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 7 Oct 2008 09:03:32 +0800
Subject: [nycphp-talk] Timing an Input Form Entry
Message-ID: <1333632725.20081007090332@qualityadvantages.com>

Hello NYPHP,

Greetings to All,

I need to time how long it takes to fill out a registration form, from
when it is called to submission. I am trying to compare the time frame difference
between the form being manually filled out versus an automated script.

Any ideas or direction about how to do this would be enormously
appreciated.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



From rolan at omnistep.com  Mon Oct  6 21:10:37 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Mon, 06 Oct 2008 21:10:37 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <1333632725.20081007090332@qualityadvantages.com>
References: <1333632725.20081007090332@qualityadvantages.com>
Message-ID: <48EAB70D.1080208@omnistep.com>

Put the timestamp of when the page was first served as a hidden variable 
in the form. Then compare it to the time when it was submitted (after 
completed).

<input type="hidden" name="served" value="<?=time()?>">

~Rolan

mikesz at qualityadvantages.com wrote:
> Hello NYPHP,
>
> Greetings to All,
>
> I need to time how long it takes to fill out a registration form, from
> when it is called to submission. I am trying to compare the time frame difference
> between the form being manually filled out versus an automated script.
>
> Any ideas or direction about how to do this would be enormously
> appreciated.
>
>   


From ramons at gmx.net  Mon Oct  6 21:16:34 2008
From: ramons at gmx.net (David Krings)
Date: Mon, 06 Oct 2008 21:16:34 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <48EAB70D.1080208@omnistep.com>
References: <1333632725.20081007090332@qualityadvantages.com>
	<48EAB70D.1080208@omnistep.com>
Message-ID: <48EAB872.4050203@gmx.net>

Rolan Yang wrote:
> <input type="hidden" name="served" value="<?=time()?>">
Isn't there one equal sign too many for value?


From lists at zaunere.com  Mon Oct  6 21:43:45 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Mon, 6 Oct 2008 21:43:45 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <48EAB872.4050203@gmx.net>
References: <1333632725.20081007090332@qualityadvantages.com>	<48EAB70D.1080208@omnistep.com>
	<48EAB872.4050203@gmx.net>
Message-ID: <001b01c9281e$22be5a40$683b0ec0$@com>

> > <input type="hidden" name="served" value="<?=time()?>">
>
> Isn't there one equal sign too many for value?

That's the short tag syntax we all love:

http://us.php.net/manual/en/ini.core.php#ini.short-open-tag

http://us.php.net/manual/en/language.basic-syntax.php

H




From ramons at gmx.net  Mon Oct  6 22:02:00 2008
From: ramons at gmx.net (David Krings)
Date: Mon, 06 Oct 2008 22:02:00 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <001b01c9281e$22be5a40$683b0ec0$@com>
References: <1333632725.20081007090332@qualityadvantages.com>	<48EAB70D.1080208@omnistep.com>	<48EAB872.4050203@gmx.net>
	<001b01c9281e$22be5a40$683b0ec0$@com>
Message-ID: <48EAC318.7000202@gmx.net>

Hans Zaunere wrote:
>>> <input type="hidden" name="served" value="<?=time()?>">
>> Isn't there one equal sign too many for value?
> 
> That's the short tag syntax we all love:
> 
> http://us.php.net/manual/en/ini.core.php#ini.short-open-tag
> 
> http://us.php.net/manual/en/language.basic-syntax.php
> 
> H

Thanks for the hint. Shows that I neither know the shortcuts nor what output 
tim() produces.

Just keep on coding....don't pay attention to the guy brabbling in the corner.

David


From tedd at sperling.com  Tue Oct  7 08:26:55 2008
From: tedd at sperling.com (tedd)
Date: Tue, 7 Oct 2008 08:26:55 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <001b01c9281e$22be5a40$683b0ec0$@com>
References: <1333632725.20081007090332@qualityadvantages.com>
	<48EAB70D.1080208@omnistep.com>	<48EAB872.4050203@gmx.net>
	<001b01c9281e$22be5a40$683b0ec0$@com>
Message-ID: <p06240805c51105b8c352@[192.168.1.101]>

At 9:43 PM -0400 10/6/08, Hans Zaunere wrote:
>  > > <input type="hidden" name="served" value="<?=time()?>">
>>
>>  Isn't there one equal sign too many for value?
>
>That's the short tag syntax we all love:

Count me out of that "love".

I hate seeing that in code because I always have to change it to 
what's correct.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From brenttech at gmail.com  Tue Oct  7 08:42:26 2008
From: brenttech at gmail.com (Brent Baisley)
Date: Tue, 7 Oct 2008 08:42:26 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <48EAB70D.1080208@omnistep.com>
References: <1333632725.20081007090332@qualityadvantages.com>
	<48EAB70D.1080208@omnistep.com>
Message-ID: <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com>

If you put a time stamp in the form, you should also include a "check"
to make sure the time was not changed and/or forged (which is very
easy to do).
An easy way to do this is to include another hidden field that is an
md5 hash of the time plus a secret pass phrase that only resides on
the server. When the form is submitted, you take the submitted time
plus the pass phrase md5 hash and make sure it matches the submitted
md5 hash.
Ideally your md5 hash would use more than 2 pieces of information, but
you get the idea.

Brent Baisley

On Mon, Oct 6, 2008 at 9:10 PM, Rolan Yang <rolan at omnistep.com> wrote:
> Put the timestamp of when the page was first served as a hidden variable in
> the form. Then compare it to the time when it was submitted (after
> completed).
>
> <input type="hidden" name="served" value="<?=time()?>">
>
> ~Rolan
>
> mikesz at qualityadvantages.com wrote:
>>
>> Hello NYPHP,
>>
>> Greetings to All,
>>
>> I need to time how long it takes to fill out a registration form, from
>> when it is called to submission. I am trying to compare the time frame
>> difference
>> between the form being manually filled out versus an automated script.
>>
>> Any ideas or direction about how to do this would be enormously
>> appreciated.
>>
>>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From tmpvar at gmail.com  Tue Oct  7 08:47:03 2008
From: tmpvar at gmail.com (Elijah Insua)
Date: Tue, 7 Oct 2008 05:47:03 -0700
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com>
References: <1333632725.20081007090332@qualityadvantages.com>
	<48EAB70D.1080208@omnistep.com>
	<5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com>
Message-ID: <2b4feca10810070547ga57463x6dc6c3b0c49743a4@mail.gmail.com>

store the time in the users session and check it on post/get

On Tue, Oct 7, 2008 at 5:42 AM, Brent Baisley <brenttech at gmail.com> wrote:

> If you put a time stamp in the form, you should also include a "check"
> to make sure the time was not changed and/or forged (which is very
> easy to do).
> An easy way to do this is to include another hidden field that is an
> md5 hash of the time plus a secret pass phrase that only resides on
> the server. When the form is submitted, you take the submitted time
> plus the pass phrase md5 hash and make sure it matches the submitted
> md5 hash.
> Ideally your md5 hash would use more than 2 pieces of information, but
> you get the idea.
>
> Brent Baisley
>
> On Mon, Oct 6, 2008 at 9:10 PM, Rolan Yang <rolan at omnistep.com> wrote:
> > Put the timestamp of when the page was first served as a hidden variable
> in
> > the form. Then compare it to the time when it was submitted (after
> > completed).
> >
> > <input type="hidden" name="served" value="<?=time()?>">
> >
> > ~Rolan
> >
> > mikesz at qualityadvantages.com wrote:
> >>
> >> Hello NYPHP,
> >>
> >> Greetings to All,
> >>
> >> I need to time how long it takes to fill out a registration form, from
> >> when it is called to submission. I am trying to compare the time frame
> >> difference
> >> between the form being manually filled out versus an automated script.
> >>
> >> Any ideas or direction about how to do this would be enormously
> >> appreciated.
> >>
> >>
> >
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> >
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
> >
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081007/1413bf84/attachment.html>

From tedd at sperling.com  Tue Oct  7 08:55:18 2008
From: tedd at sperling.com (tedd)
Date: Tue, 7 Oct 2008 08:55:18 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <1333632725.20081007090332@qualityadvantages.com>
References: <1333632725.20081007090332@qualityadvantages.com>
Message-ID: <p06240806c511063ee2b9@[192.168.1.101]>

At 9:03 AM +0800 10/7/08, mikesz at qualityadvantages.com wrote:
>Hello NYPHP,
>
>Greetings to All,
>
>I need to time how long it takes to fill out a registration form, from
>when it is called to submission. I am trying to compare the time 
>frame difference
>between the form being manually filled out versus an automated script.
>
>Any ideas or direction about how to do this would be enormously
>appreciated.
>
>--
>Best regards,
>  mikesz                          mailto:mikesz at qualityadvantages.com

mikesz:

To time form submission is a reasonable safeguard check.

It's nothing to time it, just check server-side when the form is 
served to the browser and when the form is submitted back to the 
server. Here's a demo with code:

http://www.webbytedd.com/b/timed-form

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From paulcheung at tiscali.co.uk  Tue Oct  7 11:25:42 2008
From: paulcheung at tiscali.co.uk (PaulCheung)
Date: Tue, 7 Oct 2008 16:25:42 +0100
Subject: [nycphp-talk] E-Commerce Shopping Carts
References: <0K80001GJAB5CFT0@mta5.srv.hcvlny.cv.net>
Message-ID: <B5ED081D421141DA99233A12ACAFDB7C@X9183>

Hi Michele

Thanks for your help, it was and still is very much appreciated. Just to let 
you know I am using a UK providor named PROTX and they have thing called 
VSPxxxxx-KIT which follows a lot of what you discribe plus lots of PHPcoded 
examples of all the bits and bobs needed for the shopping cart. So once 
again thank you for your help.

Paul

----- Original Message ----- 
From: "(Margaret) Michele Waldman" <mmwaldman at optonline.net>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Tuesday, September 30, 2008 12:23 PM
Subject: RE: [nycphp-talk] E-Commerce Shopping Carts


> Paul,
>
> Are you writing a shopping cart from scatch.
>
> I don't think this is the easiest way to implement a shopping cart.
>
> There are two open source shopping carts that I know about, oscommerce and
> zencart.  Plus, there are many inexpensive shopping carts.
>
> Zencart handles the payment notifications.  If you use a non supported or
> merchant that doesn't have a plugin available, you have to write some of
> the
> gateway yourself, but all of the email notifications come canned.
>
> As far as the payment gateway.  If I'm correct, via curl or whatever you
> sent connect to the merchant and request a payment, they return a success
> or
> non success value, after which you can send an email.
>
> You get the response right away, so I don't know why you want to poll.
>
> Here's so snippets of code:
>
>   $QBMS_XML_Credit_Card_Charge = '<?xml version="1.0"?>
>                                 <?qbmsxml version="2.0"?>
>
> <QBMSXML>
>
> <SignonMsgsRq>'.$QBMS_Auth.'
>
> </SignonMsgsRq>
>
> <QBMSXMLMsgsRq>
>
> <CustomerCreditCardChargeRq>
>
> <TransRequestID>'.$QBMS_TransRequestID.'</TransRequestID>
>
> <CreditCardNumber>'.$_POST['CreditCardNumber'].'</CreditCardNumber>
>
> <ExpirationMonth>'.$_POST['ExpirationMonth'].'</ExpirationMonth>
>
> <ExpirationYear>'.$_POST['ExpirationYear'].'</ExpirationYear>
>
> <IsECommerce>true</IsECommerce>
>
> <Amount>'.$_POST['Amount'].'</Amount>
>
> <NameOnCard>'.$_POST['CreditCardOwner'].'</NameOnCard>
>
> <CreditCardAddress>'.$_POST['CreditCardAddress'].'</CreditCardAddress>
>
> <CreditCardPostalCode>'.$_POST['CreditCardPostalCode'].'</CreditCardPostalCo
> de>
>
> <CardSecurityCode>'.$_POST['CardSecurityCode'].'</CardSecurityCode>
>
> </CustomerCreditCardChargeRq>
>
> </QBMSXMLMsgsRq>
>
> </QBMSXML>';
>   $QBMS_chargeRq = $this->qbms_call($QBMS_ApplicationPath,
> $QBMS_XML_Credit_Card_Charge, MODULE_PAYMENT_QBMS_SSL_CERT);
>
> // Get the statusCode
>   $QBMS_ChargeRq_Status = 1;
>   $posLeft  = strpos($QBMS_chargeRq, "<CustomerCreditCardChargeRs
> statusCode=\"")+strlen("<CustomerCreditCardChargeRs statusCode=\"");
>   $posRight = strpos($QBMS_chargeRq, "\"", $posLeft+1);
>   $QBMS_ChargeRq_Status = intval(substr($QBMS_chargeRq, $posLeft,
> $posRight-$posLeft));
>
> // QBMS will return statusCode="0" or "10100" if charge was
> successful
> switch ($QBMS_ChargeRq_Status)
>    {
>   case 0:
>   case 10100:
> $this->qbms_charge_success($QBMS_chargeRq);
> return;
>      case 10301:
>   case 10400:
>   case 10401:
>   case 10402:
>   case 10404:
>   case 10407:
>   case 10409:
> $error = MODULE_PAYMENT_QBMS_TEXT_DECLINED;
> break;
>   default:
> $error = MODULE_PAYMENT_QBMS_TEXT_SYSTEM_ERROR . " " .
> $QBMS_ChargeRq_Status . " <!--" . $QBMS_chargeRq . "-->";
> break;
>    }
> $payment_error_return = 'payment_error=' . $this->code . '&error=' .
> urlencode($error) . '&qbms_cc_owner=' .
> urlencode($_POST['CreditCardOwner'])
> . '&qbms_cc_expires_month=' . $_POST['ExpirationMonth'] .
> '&qbms_cc_expires_year=' . $_POST['ExpirationYear'];
>    zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT,
> $payment_error_return, 'SSL', true, false));
>  }
>
>
>  function qbms_call($qbmsURL, $qbmsRequest, $qbmsCert) {
>    global $_POST;
>    $PHP_Header[] = "Content-type: application/x-qbmsxml";
> $PHP_Header[] = "Content-length: ".strlen($qbmsRequest);
>
> $clientURL = curl_init();
>
> curl_setopt($clientURL, CURLOPT_POST, 1);
> curl_setopt($clientURL, CURLOPT_RETURNTRANSFER, 1);
> curl_setopt($clientURL, CURLOPT_CUSTOMREQUEST, 'POST');
> curl_setopt($clientURL, CURLOPT_URL, $qbmsURL);
> // curl_setopt($clientURL, CURLOPT_TIMEOUT, 60);
> curl_setopt($clientURL, CURLOPT_HTTPHEADER, $PHP_Header);
> curl_setopt($clientURL, CURLOPT_POSTFIELDS, $qbmsRequest);
> curl_setopt($clientURL, CURLOPT_VERBOSE, 1);
> curl_setopt($clientURL, CURLOPT_SSL_VERIFYPEER, 1);
> // if (MODULE_PAYMENT_QBMS_HOSTEDORDESKTOP == 'Hosted') {
> //     curl_setopt($clientURL, CURLOPT_SSLCERT, $qbmsCert);
> //    }
>   curl_setopt($clientURL, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
> //??
>   curl_setopt ($clientURL, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
>   curl_setopt ($clientURL,
> CURLOPT_PROXY,"http://proxy.shr.secureserver.net:3128");
> //    if (MODULE_PAYMENT_QBMS_IP_ADDRESS != '') {
> //    curl_setopt($clientURL, CURLOPT_INTERFACE,
> MODULE_PAYMENT_QBMS_IP_ADDRESS);
> //    }
>
> $qbmsResponse = curl_exec($clientURL);
>
> if ((curl_errno($clientURL)) || ($qbmsResponse == 1)) {
>
>      $curlerrno = curl_errno($clientURL);
>   $error = MODULE_PAYMENT_QBMS_TEXT_SYSTEM_ERROR;
>      $payment_error_return = 'payment_error=' . $this->code . '&error=' .
> urlencode($error) . '&qbms_cc_owner=' .
> urlencode($_POST['CreditCardOwner'])
> . '&qbms_cc_expires_month=' . $_POST['ExpirationMonth'] .
> '&qbms_cc_expires_year=' . $_POST['ExpirationYear'];
>      zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT,
> $payment_error_return, 'SSL', true, false));
> } else {
>   curl_close($clientURL);
> }
>
> return $qbmsResponse;
>  }
>
> Michele
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On
> Behalf Of PaulCheung
> Sent: Tuesday, September 30, 2008 4:49 AM
> To: NYPHP Talk
> Subject: [nycphp-talk] E-Commerce Shopping Carts
>
> Hi,
>
> Can anybody help?? I have run into a major problem, I do not understand
> how
> shopping carts work. I have tried asking technical support of the likes of
> PayPal, while they are all very knowledgeable businesswise, they are not
> PHP
>
> developers. I was told that I should check my email periodically.
>
> As a shopping cart newbie using PHP, I am lost. I understand it is develop
> myself or much the easiest and best way is to use a shopping cart, which I
> agree with.
>
>>From a merchant's point of view, here is what I want. Once payment has
>>been
>
> made and confirmed, I want a token confirming payment (payment info) to be
> sent to my site and then, without manual intervention, I want to dispatch
> a
> confirmation email to the customer an invoice and then the goods/services
> to
>
> the customer.
>
> Is there a way of  automatically polling for this info?? Is there a better
> of doing things??
>
> Cheers
>
> Paul
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From lists at zaunere.com  Tue Oct  7 12:35:12 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 7 Oct 2008 12:35:12 -0400
Subject: [nycphp-talk] new vs clone Performance
Message-ID: <00ab01c9289a$ababd6d0$03038470$@com>

Hi all,

Out of curiosity, I wanted to get some benchmarks on using the new operator
vs cloning.  I wrote a simple script, attached, which is fun to play with.
Upshot:  clone is faster if used correctly (and depending on the object's
operations).  Also some interesting observations in the script itself, and
I'm interested in hearing other's observations/experiences.

By the way, PHP Meetup tonight at Pound & Pence:  http://php.meetup.com/430/

See you there.

Best,

---
Hans Zaunere / Managing Member / New York PHP
      www.nyphp.org  / ?www.nyphp.com 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: new-vs-clone-performance.psh
Type: application/octet-stream
Size: 1495 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081007/35ee2350/attachment.obj>

From chsnyder at gmail.com  Tue Oct  7 12:44:37 2008
From: chsnyder at gmail.com (csnyder)
Date: Tue, 7 Oct 2008 12:44:37 -0400
Subject: [nycphp-talk] new vs clone Performance
In-Reply-To: <00ab01c9289a$ababd6d0$03038470$@com>
References: <00ab01c9289a$ababd6d0$03038470$@com>
Message-ID: <b76252690810070944n602baa8fq5a430c8046b533ba@mail.gmail.com>

On Tue, Oct 7, 2008 at 12:35 PM, Hans Zaunere <lists at zaunere.com> wrote:
>
> Out of curiosity, I wanted to get some benchmarks on using the new operator
> vs cloning.  I wrote a simple script, attached, which is fun to play with.
> Upshot:  clone is faster if used correctly (and depending on the object's
> operations).  Also some interesting observations in the script itself, and
> I'm interested in hearing other's observations/experiences.
>

By faster, how much faster do you mean?

I never really thought of doing this kind of optimization, but it
would be pretty easy to re-pattern object creation _if it was
significantly faster_. The script ran out of memory on my Mac, what
kind of speedup are you seeing, Hans?

  chris.


From lists at zaunere.com  Tue Oct  7 12:53:49 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 7 Oct 2008 12:53:49 -0400
Subject: [nycphp-talk] new vs clone Performance
In-Reply-To: <b76252690810070944n602baa8fq5a430c8046b533ba@mail.gmail.com>
References: <00ab01c9289a$ababd6d0$03038470$@com>
	<b76252690810070944n602baa8fq5a430c8046b533ba@mail.gmail.com>
Message-ID: <00b801c9289d$4596ff70$d0c4fe50$@com>

> > Out of curiosity, I wanted to get some benchmarks on using the new operator
> > vs cloning.  I wrote a simple script, attached, which is fun to play with.
> > Upshot:  clone is faster if used correctly (and depending on the object's
> > operations).  Also some interesting observations in the script itself, and
> > I'm interested in hearing other's observations/experiences.
> >
> 
> By faster, how much faster do you mean?

Run the script :)

It depends a lot on the class (and the use of __clone() and the heaviness of the class initialization in __construct()) but I was seeing consistent 20% - 30% across various classes.  It's fun to play around with, using various builtin classes, and user defined ones.  Sometimes, though, the increase was dramatic (use stdClass for example).

> I never really thought of doing this kind of optimization, but it
> would be pretty easy to re-pattern object creation _if it was
> significantly faster_. The script ran out of memory on my Mac, what
> kind of speedup are you seeing, Hans?

Put $OCount to something smaller, like 100,000 or 10,000

Significantly faster will be a hard thing to quantify.  Doing $OCount runs of 1,000,000 typically yielded only a fraction of seconds improvements (and that's when creating 1 million objects which no application really does).  So I'm not sure how much of a real improvement this would have for a typical application.

That said, the reason I started investigating this was because of APC.  Theory being, create objects upon first request when the server comes online, cache them in APC, and then clone them as needed during subsequent requests.  Depending on the object's initialization pattern, this could yield some real per-request performance gains.

Of course, investigating APC's performance is TBD.  Long story short, APC's dopy serialization/un-serialization of variables may make this all moot.

---
Hans Zaunere / Managing Member / New York PHP
      www.nyphp.org  /  www.nyphp.com 





From rahmin at insite-out.com  Tue Oct  7 14:56:24 2008
From: rahmin at insite-out.com (Rahmin Pavlovic)
Date: Tue, 7 Oct 2008 14:56:24 -0400
Subject: [nycphp-talk] cURL question
In-Reply-To: <00b801c9289d$4596ff70$d0c4fe50$@com>
References: <00ab01c9289a$ababd6d0$03038470$@com>
	<b76252690810070944n602baa8fq5a430c8046b533ba@mail.gmail.com>
	<00b801c9289d$4596ff70$d0c4fe50$@com>
Message-ID: <C95F2BAB-62AD-417E-9ADB-6B17A9D33ABA@insite-out.com>

Hi, all:

I'm wondering what the best way to do this is (may not be cURL):

I'm currently building an API to connect to an HTTPS server.  My first  
script POSTs login data as cleartext by way of cURL.  The HTTPS server  
throws a secure cookie back at me, set to expire within 24 hours.  So  
far, so good.

Within that 24 hour period, I'd like a separate script (on the same  
server) to make subsequent requests; passing the authentication along  
such that HTTPS knows who I am.

What's the best way to do that?

Am I trying to re-invent the wheel here?


From ka at kacomputerconsulting.com  Tue Oct  7 15:32:12 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Tue, 7 Oct 2008 12:32:12 -0700
Subject: [nycphp-talk] front end list address
Message-ID: <1223407932.32036@coral.he.net>

Anyone remember the email address for that "front end dev/CSS" list 
that's been mentioned?

Thanks.

-- Kristina 


From ramons at gmx.net  Tue Oct  7 15:45:13 2008
From: ramons at gmx.net (David Krings)
Date: Tue, 07 Oct 2008 15:45:13 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com>
References: <1333632725.20081007090332@qualityadvantages.com>	<48EAB70D.1080208@omnistep.com>
	<5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com>
Message-ID: <48EBBC49.8080707@gmx.net>

Brent Baisley wrote:
> If you put a time stamp in the form, you should also include a "check"
> to make sure the time was not changed and/or forged (which is very
> easy to do).

I think this is just for test metrics. While it is right that one can do that 
I doubt it applies in this case.

David


From michael.southwell at nyphp.com  Tue Oct  7 15:50:54 2008
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Tue, 07 Oct 2008 15:50:54 -0400
Subject: [nycphp-talk] front end list address
In-Reply-To: <1223407932.32036@coral.he.net>
References: <1223407932.32036@coral.he.net>
Message-ID: <48EBBD9E.7070001@nyphp.com>

Kristina Anderson wrote:
> Anyone remember the email address for that "front end dev/CSS" list 
> that's been mentioned?

http://lists.nyphp.org/mailman/listinfo



-- 
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING:  http://nyphp.com/Training/Indepth


From tmpvar at gmail.com  Tue Oct  7 16:06:56 2008
From: tmpvar at gmail.com (Elijah Insua)
Date: Tue, 07 Oct 2008 13:06:56 -0700
Subject: [nycphp-talk] cURL question
In-Reply-To: <C95F2BAB-62AD-417E-9ADB-6B17A9D33ABA@insite-out.com>
References: <00ab01c9289a$ababd6d0$03038470$@com>	<b76252690810070944n602baa8fq5a430c8046b533ba@mail.gmail.com>	<00b801c9289d$4596ff70$d0c4fe50$@com>
	<C95F2BAB-62AD-417E-9ADB-6B17A9D33ABA@insite-out.com>
Message-ID: <48EBC160.6050306@gmail.com>

Rahmin,

As best practice you should secure your login data by sending it over 
https. 

Curl handles cookies rather well and should work for your needs.

Regards,
Elijah Insua


>
>
> I'm currently building an API to connect to an HTTPS server.  My first 
> script POSTs login data as cleartext by way of cURL.  The HTTPS server 
> throws a secure cookie back at me, set to expire within 24 hours.  So 
> far, so good.
>
> Within that 24 hour period, I'd like a separate script (on the same 
> server) to make subsequent requests; passing the authentication along 
> such that HTTPS knows who I am.
>
> What's the best way to do that?
>
> Am I trying to re-invent the wheel here?
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>



From 1j0lkq002 at sneakemail.com  Tue Oct  7 16:59:58 2008
From: 1j0lkq002 at sneakemail.com (inforequest)
Date: Tue, 07 Oct 2008 13:59:58 -0700
Subject: [nycphp-talk] [OT] notebook recommendations - last call, Lenovo
	T400 or T61?? 
In-Reply-To: <01c701c8f9c2$c1b20460$45160d20$@com>
References: <000101c8f818$17998620$46cc9260$@com>
	<32075-68096@sneakemail.com>	<847-77570@sneakemail.com>
	<01c701c8f9c2$c1b20460$45160d20$@com>
Message-ID: <6547-93446@sneakemail.com>

Hans Zaunere lists-at-zaunere.com |nyphp MAIN ONE dev/internal group 
use| wrote:

>>On the (excellent) advice of the PHP community almost 4 years ago, I
>>bought a Thinkpad t42p. I still love it but it's time to plan retirement.
>>
>>Can anyone recommend the Lenovo t61p as a replacement, or is there
>>something clearly better? No, I'm not going to switch to a mac. Thanks.
>>    
>>
>
>I'm not paid, but I would definitely go with another Lenovo.  I have the
>T61P and the only thing I'm waiting for is getting the new T400/T500.
>  
>

Yes I know I started looking for a new notebook  2 months ago but I've 
been busy! -- now it's "last call" and I wonder if anyone has real-world 
experience with the new T400 vs. the T61?





From lists at zaunere.com  Tue Oct  7 17:27:13 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 7 Oct 2008 17:27:13 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
Message-ID: <00ed01c928c3$7715a210$6540e630$@com>

Hello,

So people post blogs, which may include a youtube link or image or href
embedded.

In one part of the application, they want to show only the first X number of
characters, before forcing a user to login.  So we need to cut the submitted
text at this character count, yet, of course, not cut in the middle of a
tag.

This has turned into a considerable annoyance and I'm wondering if anyone
has a quick tip/pointer to a resource to solve this - without writing
excessive text parsing code.

My general plan (although I hope someone has something better) is to:

-- write a function like DeltaOffsets( $Raw, $Stripped)  where $Raw is the
$Raw post and $Stripped is the post run through strip_tags.

-- the function would return an array with the positions relative to the
$Raw post of where the stripped text has started/stopped.

-- then upon writing to the browser, we could intelligently insert stripped
tags up to the cut-off-point of real text (ie, not counting the stripped
tags).

Although this seems like a lot of work for something that must be done all
the time, right?  Thoughts on how the other blog engines handle this?
There's got to be an easier way...?

Yes, security is another issue...

H




From ka at kacomputerconsulting.com  Tue Oct  7 20:19:43 2008
From: ka at kacomputerconsulting.com (Kristina Anderson)
Date: Tue, 7 Oct 2008 17:19:43 -0700
Subject: [nycphp-talk] front end list address
Message-ID: <1223425183.29817@coral.he.net>

Thanks Michael!

> Kristina Anderson wrote:
> > Anyone remember the email address for that "front end dev/CSS" 
list 
> > that's been mentioned?
> 
> http://lists.nyphp.org/mailman/listinfo
> 
> 
> 
> -- 
> =================
> Michael Southwell
> Vice President, Education
> NYPHP TRAINING:  http://nyphp.com/Training/Indepth
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 

-------------------
Kristina


From jcampbell1 at gmail.com  Tue Oct  7 21:19:25 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 7 Oct 2008 21:19:25 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
In-Reply-To: <00ed01c928c3$7715a210$6540e630$@com>
References: <00ed01c928c3$7715a210$6540e630$@com>
Message-ID: <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>

On Tue, Oct 7, 2008 at 5:27 PM, Hans Zaunere <lists at zaunere.com> wrote:
> In one part of the application, they want to show only the first X number of
> characters, before forcing a user to login.  So we need to cut the submitted
> text at this character count, yet, of course, not cut in the middle of a
> tag.
>
> This has turned into a considerable annoyance and I'm wondering if anyone
> has a quick tip/pointer to a resource to solve this - without writing
> excessive text parsing code.

Interesting question, I have searched unsuccessfully for a solution to
this in the past with no luck.

I hacked together a solution for you, but I am not sure I would put it
in production.  It is reasonably safe because it escapes everything it
doesn't recognize as a tag.  If you use it, I would filter out all but
a whitelist of tags (e.g. a,b,i,blockquote,strong) before passing it
to the function.

See the code at:
http://php.pastebin.com/f7f5262cb

The safest approach is probably to pass the html through tidy, and
then into DOM, and traverse and count the length of text nodes, but
that would be quite slow if you ran it on every request.

Regards,
John Campbell


From chsnyder at gmail.com  Wed Oct  8 14:15:38 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 8 Oct 2008 14:15:38 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
In-Reply-To: <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
References: <00ed01c928c3$7715a210$6540e630$@com>
	<8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
Message-ID: <b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>

On Tue, Oct 7, 2008 at 9:19 PM, John Campbell <jcampbell1 at gmail.com> wrote:

> The safest approach is probably to pass the html through tidy, and
> then into DOM, and traverse and count the length of text nodes, but
> that would be quite slow if you ran it on every request.

Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't
need to do it on every request -- you can either store the summary
itself as a separate text field, or store the length of the summary as
an integer.

This is crying out for a web service: The Excerpter. POST markup, get
the first X display characters back as a response, with embedded HTML
intact.


Chris Snyder
http://chxor.chxo.com/


From kenrbnsn at rbnsn.com  Wed Oct  8 14:53:33 2008
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Wed, 8 Oct 2008 14:53:33 -0400
Subject: [nycphp-talk] Integrating Drupal 6 & KnowledgeTree
In-Reply-To: <b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
References: <00ed01c928c3$7715a210$6540e630$@com>	<8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
	<b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
Message-ID: <018601c92977$2b359a30$81a0ce90$@com>

Hi,

Does anyone on the list have experience integrating Drupal 6 & KnowledgeTree?

I've installed Knowledge Tree and the KT Module. It seems to work, except that when I connect from within Drupal, the output is restricted to a very small area of the screen and there are no scrollbars.

Ken



From tegwe002 at umn.edu  Wed Oct  8 16:19:45 2008
From: tegwe002 at umn.edu (Joelle Tegwen)
Date: Wed, 08 Oct 2008 15:19:45 -0500
Subject: [nycphp-talk] Restian PHP on IIS with encoded urls
Message-ID: <48ED15E1.7040204@umn.edu>

I'm writing a web services application on PHP 5.2. I develop on 
Linux/Apache but our test/production servers are running IIS 6 So I'm 
kind of clueless about how to configure IIS.

Thanks in advance for any assistance.

The problem that I'm having is that IIS is decoding encoded portions of 
my urls before they hit php, and that is making parsing an encoded rest 
url very difficult.

I did google this and found a server variable "UNENCODED_URL" but it 
doesn't seem to be populated on my server. I found some references to 
the IIS Metabase, but nothing about what I would change to get what I 
want out of the server.


Short version of the question:
How do I get the original encoded URL in IIS?


The URL I'm parsing is:
http://localhost/resources/services.php/ttaf/transform/http%3A%2F%2Ficitest1.education.umn.edu%2Fici%2Fwelcome%2Fcaptions_ici_ttf.xml/http%3A%2F%2Ficitest1.education.umn.edu%2Fici%2Fwelcome%2Ftranscript.xsl
Which I want to parse to
    ttaf
    transform
    http%3A%2F%2Flocalhost%2Fici%2Fwelcome%2Fcaptions_ici_ttf.xml
    http%3A%2F%2Ficitest1.education.umn.edu%2Fici%2Fwelcome%2Ftranscript.xsl


Long explanation if needed/useful:

To reduce the complexity of maintaining web server environments on 
several machines (developer and servers) we try to do everything inside 
of native PHP. This means no mod_rewrite or similar tools unless they 
are irreplaceable.


In Apache I get
    [REQUEST_URI] => 
/resources/services.php/ttaf/transform/http%3A%2F%2Flocalhost%2Fsandbox%2Fflashxslt%2Fcaptions_ici_ttf.xml/http%3A%2F%2Flocalhost%2Fsandbox%2Fflashxslt%2Ftranscript.xsl
    [SCRIPT_NAME] => /resources/services.php
 which I can then parse out.

In IIS I get:
[PATH_INFO] => 
/ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welcome/transcript.xsl
    [PATH_TRANSLATED] => 
c:/inetpub/wwwroot/ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welc
    [ORIG_PATH_INFO] => 
/resources/services.php/ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welcome/transcript.xsl
   [ORIG_PATH_TRANSLATED] => 
c:\inetpub\wwwroot\resources\services.php\ttaf\transform\http:\icitest1.education.umn.edu\ici\welcome\captions_ici_ttf.xml\http:\icitest1.education.umn.edu\ici\welcome\transcript.xsl

But they're all already decoded.

Thanks!
Joelle


From jeff987654 at yahoo.com  Wed Oct  8 16:36:29 2008
From: jeff987654 at yahoo.com (Jeff Siegel)
Date: Wed, 8 Oct 2008 13:36:29 -0700 (PDT)
Subject: [nycphp-talk] Determine if your site has been defaced
Message-ID: <610851.13440.qm@web110008.mail.gq1.yahoo.com>

Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced?

Thanks,

Jeff


      



From dcech at phpwerx.net  Wed Oct  8 16:39:57 2008
From: dcech at phpwerx.net (Dan Cech)
Date: Wed, 08 Oct 2008 16:39:57 -0400
Subject: [nycphp-talk] Determine if your site has been defaced
In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
References: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
Message-ID: <48ED1A9D.50504@phpwerx.net>

Jeff Siegel wrote:
> Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced?

cURL + preg would do the trick I'd imagine.

Dan


From tim_lists at o2group.com  Wed Oct  8 16:43:03 2008
From: tim_lists at o2group.com (Tim Lieberman)
Date: Wed, 8 Oct 2008 14:43:03 -0600
Subject: [nycphp-talk] Determine if your site has been defaced
In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
References: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
Message-ID: <3399FDD7-4124-4C5A-B814-C47C12A6FAED@o2group.com>

Pretty trivial to write one if you can come up with a decent  
definition for "defaced".

For what's supposed to be a static page, you could use "Changed" as  
the definition for defaced.

If the content changes, you could test for some string that should  
always be there.

Either one can probably be tested in just a handful of lines of PHP.

-Tim

On Oct 8, 2008, at 2:36 PM, Jeff Siegel wrote:

> Anyone know of a PHP script that can be run from a cron and which  
> can check whether a website has been defaced?
>
> Thanks,
>
> Jeff
>
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From codebowl at gmail.com  Wed Oct  8 16:43:49 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 8 Oct 2008 16:43:49 -0400
Subject: [nycphp-talk] Determine if your site has been defaced
In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
References: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
Message-ID: <97119C14-E35B-4E5B-8B2B-3DB395BA3340@gmail.com>

there is a nice os x application that can be used for this, I am not  
sure if you use OS X though :)

http://sunflower.coleharbour.ca/


On Oct 8, 2008, at 4:36 PM, Jeff Siegel wrote:

> Anyone know of a PHP script that can be run from a cron and which  
> can check whether a website has been defaced?
>
> Thanks,
>
> Jeff
>
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From jcampbell1 at gmail.com  Wed Oct  8 16:45:38 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Wed, 8 Oct 2008 16:45:38 -0400
Subject: [nycphp-talk] Determine if your site has been defaced
In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
References: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
Message-ID: <8f0676b40810081345s4ee82f39ycaacd03e70af7cce@mail.gmail.com>

On Wed, Oct 8, 2008 at 4:36 PM, Jeff Siegel <jeff987654 at yahoo.com> wrote:
> Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced?

I use Google Alerts, and use a search query like:

site:example.com viagra OR levitra OR cialis OR penis OR hacked

It's not fool proof, but it takes about 10 seconds to setup.

Regards,
John Campbell


From sbeam at onsetcorps.net  Wed Oct  8 16:53:33 2008
From: sbeam at onsetcorps.net (sbeam)
Date: Wed, 8 Oct 2008 16:53:33 -0400
Subject: [nycphp-talk] Determine if your site has been defaced
In-Reply-To: <48ED1A9D.50504@phpwerx.net>
References: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
	<48ED1A9D.50504@phpwerx.net>
Message-ID: <200810081653.33634.sbeam@onsetcorps.net>

On Wednesday 08 October 2008 16:39, Dan Cech wrote:
> Jeff Siegel wrote:
> > Anyone know of a PHP script that can be run from a cron and which can
> > check whether a website has been defaced?
>
> cURL + preg would do the trick I'd imagine.

interesting :) but yeah PHP is not needed.

also md5/sha1 might do the trick, combined with curl

GOODHASH=399257fc956120012baf094ffd7eed9b; \
HASH=`curl -s www.yoursite.com | md5sum`; \
if [ "$HASH" != "$GOODHASH" ]; then mail -s "uh-oh" you at yoursite.com; fi

where you first get the value of "GOODHASH" with the same command as in HASH 
above.

enjoy,
Sam


From chsnyder at gmail.com  Wed Oct  8 17:02:46 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 8 Oct 2008 17:02:46 -0400
Subject: [nycphp-talk] Restian PHP on IIS with encoded urls
In-Reply-To: <48ED15E1.7040204@umn.edu>
References: <48ED15E1.7040204@umn.edu>
Message-ID: <b76252690810081402s272862cbq32a1cdeee7311da@mail.gmail.com>

On Wed, Oct 8, 2008 at 4:19 PM, Joelle Tegwen <tegwe002 at umn.edu> wrote:

> In IIS I get:
> [PATH_INFO] =>
> /ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welcome/transcript.xsl


This isn't going to answer your question, but you can pretty much
guarantee that the token 'http:' isn't going to be part of a url, so
you could use that to split PATH_INFO into its component parts.
Kludgey, but you could make it work...


Chris Snyder
http://chxor.chxo.com/


From chsnyder at gmail.com  Wed Oct  8 17:04:46 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 8 Oct 2008 17:04:46 -0400
Subject: [nycphp-talk] Determine if your site has been defaced
In-Reply-To: <8f0676b40810081345s4ee82f39ycaacd03e70af7cce@mail.gmail.com>
References: <610851.13440.qm@web110008.mail.gq1.yahoo.com>
	<8f0676b40810081345s4ee82f39ycaacd03e70af7cce@mail.gmail.com>
Message-ID: <b76252690810081404k2ac98e8co2e7d12043c2cf2e7@mail.gmail.com>

On Wed, Oct 8, 2008 at 4:45 PM, John Campbell <jcampbell1 at gmail.com> wrote:
> On Wed, Oct 8, 2008 at 4:36 PM, Jeff Siegel <jeff987654 at yahoo.com> wrote:
>> Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced?
>
> I use Google Alerts, and use a search query like:
>
> site:example.com viagra OR levitra OR cialis OR penis OR hacked
>
> It's not fool proof, but it takes about 10 seconds to setup.
>

Don't the alerts get nabbed by your spam filter?


From ajai at bitblit.net  Wed Oct  8 17:09:44 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Wed, 8 Oct 2008 17:09:44 -0400 (EDT)
Subject: [nycphp-talk] Freelancing
Message-ID: <Pine.LNX.4.44.0810081709150.19344-100000@bitblit.net>


What sites do people use to bid on freelance PHP projects?


-- 
Aj.



From codebowl at gmail.com  Wed Oct  8 17:32:10 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 8 Oct 2008 17:32:10 -0400
Subject: [nycphp-talk] Freelancing
In-Reply-To: <Pine.LNX.4.44.0810081709150.19344-100000@bitblit.net>
References: <Pine.LNX.4.44.0810081709150.19344-100000@bitblit.net>
Message-ID: <A08E19AC-5165-43A4-BF08-9E4C874B5A9C@gmail.com>

The bestr i have used is guru.com but it's hard to get established.   
Once you get a few jobs it gets easier.

On Oct 8, 2008, at 5:09 PM, Ajai Khattri wrote:

>
> What sites do people use to bid on freelance PHP projects?
>
>
> -- 
> Aj.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From jeff987654 at yahoo.com  Wed Oct  8 20:31:07 2008
From: jeff987654 at yahoo.com (Jeff Siegel)
Date: Wed, 8 Oct 2008 17:31:07 -0700 (PDT)
Subject: [nycphp-talk] Determine if your site has been defaced
Message-ID: <746220.22089.qm@web110013.mail.gq1.yahoo.com>

Thanks to all for your suggestions. Since the sites are usually dynamic...I kinda like Tim's suggestion of placing a string on the page, perhaps in a set of comment tags, and parsing for that string.

Jeff


      



From matt at atopia.net  Thu Oct  9 12:28:58 2008
From: matt at atopia.net (Matt Juszczak)
Date: Thu, 9 Oct 2008 12:28:58 -0400 (EDT)
Subject: [nycphp-talk] Collaborative Software
Message-ID: <20081009122616.V63110@mercury.atopia.net>

A little OT, but since it will most likely be programmed in PHP, I'm 
looking to see what others have developed and/or used.

I need to setup an "Intranet" for my FTJ.  In this Intranet I was going to 
include a bunch of things, like nagios, cacti, and a wiki.

The problem is that the requirements for the Intranet go well beyond what 
a simple wiki can accomplish.  Not only do we need a wiki for 
documentation, but we also need a way to:

 	- Share files with versioninng
 	- Create tickets for tasks (RT?)
 	- Track bugs (bugzilla?) and new feature requests for development
 	- "Project manage" new development projects
 	- etc.

I was going to setup tikiwiki or dokuwiki, along with bugzilla, and 
perhaps RT, and a few other things, but I was wondering if anyone could 
recommend an "all in one" solution that includes wiki+file sharing+project 
manangement tools+ticketing+task tracking, etc.

If not, I'll most likely go the independent software route.  Thanks for 
any suggestions!

-Matt


From zippy1981 at gmail.com  Thu Oct  9 12:38:11 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Thu, 9 Oct 2008 12:38:11 -0400
Subject: [nycphp-talk] Collaborative Software
In-Reply-To: <20081009122616.V63110@mercury.atopia.net>
References: <20081009122616.V63110@mercury.atopia.net>
Message-ID: <5458db3c0810090938k7ce9facej7878f43a02cbd88c@mail.gmail.com>

http://trac.edgewall.org/
This combines much of the wiki info.

If you need to share files with versioning. you have two options. The first
is SharePoint. This is expensive, especially for a PHP shop. The second is
just to stored the files ina a Doc folder in subversion. Then you can just
serve up subversion over https to view the files. If you have MACS accessing
this repo be sure to read this:

http://www.netmojo.ca/blog/2007/05/03/subversion-webdav-osx/

On Thu, Oct 9, 2008 at 12:28 PM, Matt Juszczak <matt at atopia.net> wrote:

> A little OT, but since it will most likely be programmed in PHP, I'm
> looking to see what others have developed and/or used.
>
> I need to setup an "Intranet" for my FTJ.  In this Intranet I was going to
> include a bunch of things, like nagios, cacti, and a wiki.
>
> The problem is that the requirements for the Intranet go well beyond what a
> simple wiki can accomplish.  Not only do we need a wiki for documentation,
> but we also need a way to:
>
>        - Share files with versioninng
>        - Create tickets for tasks (RT?)
>        - Track bugs (bugzilla?) and new feature requests for development
>        - "Project manage" new development projects
>        - etc.
>
> I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps
> RT, and a few other things, but I was wondering if anyone could recommend an
> "all in one" solution that includes wiki+file sharing+project manangement
> tools+ticketing+task tracking, etc.
>
> If not, I'll most likely go the independent software route.  Thanks for any
> suggestions!
>
> -Matt
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081009/3cf6e93d/attachment.html>

From matt at atopia.net  Thu Oct  9 12:40:54 2008
From: matt at atopia.net (Matt Juszczak)
Date: Thu, 9 Oct 2008 12:40:54 -0400 (EDT)
Subject: [nycphp-talk] Collaborative Software
In-Reply-To: <5458db3c0810090938k7ce9facej7878f43a02cbd88c@mail.gmail.com>
References: <20081009122616.V63110@mercury.atopia.net>
	<5458db3c0810090938k7ce9facej7878f43a02cbd88c@mail.gmail.com>
Message-ID: <20081009123951.R74607@mercury.atopia.net>

> http://trac.edgewall.org/
> This combines much of the wiki info.

We've been using this already, but not impressed at all.

> If you need to share files with versioning. you have two options. The first
> is SharePoint. This is expensive, especially for a PHP shop. The second is
> just to stored the files ina a Doc folder in subversion. Then you can just
> serve up subversion over https to view the files. If you have MACS accessing
> this repo be sure to read this:

Considered the web-based SVN repository, but were looking to see if there 
was another solution.  What are your thoughts on tikiwiki?

> http://www.netmojo.ca/blog/2007/05/03/subversion-webdav-osx/
>
> On Thu, Oct 9, 2008 at 12:28 PM, Matt Juszczak <matt at atopia.net> wrote:
>
>> A little OT, but since it will most likely be programmed in PHP, I'm
>> looking to see what others have developed and/or used.
>>
>> I need to setup an "Intranet" for my FTJ.  In this Intranet I was going to
>> include a bunch of things, like nagios, cacti, and a wiki.
>>
>> The problem is that the requirements for the Intranet go well beyond what a
>> simple wiki can accomplish.  Not only do we need a wiki for documentation,
>> but we also need a way to:
>>
>>        - Share files with versioninng
>>        - Create tickets for tasks (RT?)
>>        - Track bugs (bugzilla?) and new feature requests for development
>>        - "Project manage" new development projects
>>        - etc.
>>
>> I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps
>> RT, and a few other things, but I was wondering if anyone could recommend an
>> "all in one" solution that includes wiki+file sharing+project manangement
>> tools+ticketing+task tracking, etc.
>>
>> If not, I'll most likely go the independent software route.  Thanks for any
>> suggestions!
>>
>> -Matt
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>


From lists at enobrev.com  Thu Oct  9 14:35:11 2008
From: lists at enobrev.com (Mark Armendariz)
Date: Thu, 9 Oct 2008 14:35:11 -0400
Subject: [nycphp-talk] [OT] NYC Laywer Recommendation?
Message-ID: <58f08dcf0810091135s6f1c3f40s95d38beb53b049c8@mail.gmail.com>

I'm not in any trouble or anything.  I need to get a software license
in order for a client.  Can anyone recommend a laywer here in NYC?
Please respond off list.

Sorry for the OT, but this is in-fact PHP related as it covers a PHP
application.

Thanks!!

Mark


From greg.rundlett at gmail.com  Thu Oct  9 14:36:07 2008
From: greg.rundlett at gmail.com (Greg Rundlett)
Date: Thu, 9 Oct 2008 14:36:07 -0400
Subject: [nycphp-talk] Collaborative Software
In-Reply-To: <20081009122616.V63110@mercury.atopia.net>
References: <20081009122616.V63110@mercury.atopia.net>
Message-ID: <5e2aaca40810091136p1e330f78tc03145f123d1bf02@mail.gmail.com>

On Thu, Oct 9, 2008 at 12:28 PM, Matt Juszczak <matt at atopia.net> wrote:
> A little OT, but since it will most likely be programmed in PHP, I'm looking
> to see what others have developed and/or used.
>
> I need to setup an "Intranet" for my FTJ.  In this Intranet I was going to
> include a bunch of things, like nagios, cacti, and a wiki.
>
> The problem is that the requirements for the Intranet go well beyond what a
> simple wiki can accomplish.  Not only do we need a wiki for documentation,
> but we also need a way to:
>
>        - Share files with versioninng
>        - Create tickets for tasks (RT?)
>        - Track bugs (bugzilla?) and new feature requests for development
>        - "Project manage" new development projects
>        - etc.
>
> I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps
> RT, and a few other things, but I was wondering if anyone could recommend an
> "all in one" solution that includes wiki+file sharing+project manangement
> tools+ticketing+task tracking, etc.
>
> If not, I'll most likely go the independent software route.  Thanks for any
> suggestions!
>
> -Matt

Hi Matt,

You can combine KnowledgeTree, Drupal, Subversion, WebDAV / Apache
ModDav, WebSVN, Eventum (to do over I'd use Drupal tracker, or
something else), FreeMind, MediaWiki, and TaskJuggler into a complete
platform.  Still, it's a lot of work and depends entirely on
adoption/fitting into the organizations workflows.  I did not get a
chance to actually document or share much of the "how to" of that
system, but hope to someday.  There are a lot of possibilities out
there, but no matter how well crafted the solution is, the success is
going to depend more on how motivated and engaged people are in seeing
the system meet their needs.

I would have to say that even among big/enterprise solutions, there is
not a single product that does everything you mention.

One other thought is that Ubuntu has a pretty good system (in several
parts) that can stand as a model -- but it's neither available to
install, nor a single solution.  It bears repeating that their system
too is highly dependent on agreements between educated participants
about methods and procedures of the system.

Greg
-- 
skype/aim/irc freephile
home office 978-225-8302
greg at freephile.com


From ajai at bitblit.net  Thu Oct  9 15:31:50 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Thu, 9 Oct 2008 15:31:50 -0400 (EDT)
Subject: [nycphp-talk] Collaborative Software
In-Reply-To: <5e2aaca40810091136p1e330f78tc03145f123d1bf02@mail.gmail.com>
Message-ID: <Pine.LNX.4.44.0810091530380.19344-100000@bitblit.net>

On Thu, 9 Oct 2008, Greg Rundlett wrote:

> I would have to say that even among big/enterprise solutions, there is
> not a single product that does everything you mention.

I haven't looked, but do ZoHo (zoho.com) have some of these pieces? They 
have also recently opened their platform for third-party apps too (which 
is very interesting to me).



-- 
Aj.



From ben at projectskyline.com  Thu Oct  9 16:17:48 2008
From: ben at projectskyline.com (Ben Sgro)
Date: Thu, 09 Oct 2008 16:17:48 -0400
Subject: [nycphp-talk] [OT] 1U up for sale (and a lappie)
Message-ID: <48EE66EC.2080909@projectskyline.com>

Hello,

In trying to rid my basement of computers, I have up for grabs: 
http://www.geeks.com/details.asp?invtid=DL145&cat=SYS

I believe we have a RAID setup w/either 250 or 500 GB HD's in RAID1.
Best offer (and please pickup only, this thing weighs a ton!) I'm in 
Brooklyn NY.

Also, I have an IBM T61 laptop w/Ubuntu installed. I bought it from 
http://laclinux.com/en/Start
6 months ago for a research project (HOPE 2008) and I don't need it anymore.

That's it! Contact me off list -

- Ben

I coded PHP on both these computers = ]


From mikesz at qualityadvantages.com  Sat Oct 11 08:51:37 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sat, 11 Oct 2008 20:51:37 +0800
Subject: [nycphp-talk] Need some understanding about a hacker attack...
Message-ID: <79812751.20081011205137@qualityadvantages.com>

Hello NYPHP,

  One of my sites went down yesterday with "Out of Bandwidth". When I
  checked into it, a badguy had hijacked an application folder called
  /xml that usually contains one php file that serves the application
  menu system. I have no idea why the software developer chose this
  method. The /xml folder is read only (and has always been read only)
  Yesterday, in addition to the single php file, /xml contained a
  subfolder called odg which contained a porn distribution application
  with thousands of images that it was serving the planet though
  mediacatch.com and myhostdyn.com among others. I have no idea how
  the badguy got in and my ISP doesn't have a clue either. I got them
  to delete the junk because the badguy used a Unix system account to
  create the junk and I was unable to delete with the permissions I
  have.

  Now with that gone, I decided to add a .htaccess file to further
  restrict access to the /xml folder but when I did, the .htaccess
  file does not respond at all. Here is what I put in there:

Options -Indexes

order deny,allow

<files "*.*">
Deny from All
</files>

<files "*.*">
Allow from 127.0.0.1 localhost
</files>

I expected that if I tried to access that folder directly that I would
get a 403 but instead I got the application intro screen?

I checked my test system also and when I do a directory the /xml
folder, it shows me the content of the folder which is yet another
outcome unexpected.

The question I have is Does a folder named /xml have any special
status or significance on a linux box that would cause it to act
differently than say, an /includes folder that usually generates a
blank screen?

Any clues would be greatly appreciated. Notice that I haven't gotten
into the hack at all, no idea how it happened and the ISP is really
vague about what might have happened but is pointing the finger to my
app and, of course, his server is completely secure, btw, its a shared
server. My guess if that the bad guy ripped off the system account and
ran amok on it but nobody is even hinting that this could be a
possibility, to the contrary. Getting back to the /xml, why would I be
getting the bizarre behavior from it?

TIA

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



From matt at atopia.net  Sat Oct 11 08:53:19 2008
From: matt at atopia.net (matt at atopia.net)
Date: Sat, 11 Oct 2008 12:53:19 +0000
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <79812751.20081011205137@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
Message-ID: <1952377757-1223729639-cardhu_decombobulator_blackberry.rim.net-686289375-@bxe036.bisx.prod.on.blackberry>

Are allowoverride and options set correctly in httpd.conf for that directory?


-----Original Message-----
From: mikesz at qualityadvantages.com

Date: Sat, 11 Oct 2008 20:51:37 
To: NYPHP Talk<talk at lists.nyphp.org>
Subject: [nycphp-talk] Need some understanding about a hacker attack...


Hello NYPHP,

  One of my sites went down yesterday with "Out of Bandwidth". When I
  checked into it, a badguy had hijacked an application folder called
  /xml that usually contains one php file that serves the application
  menu system. I have no idea why the software developer chose this
  method. The /xml folder is read only (and has always been read only)
  Yesterday, in addition to the single php file, /xml contained a
  subfolder called odg which contained a porn distribution application
  with thousands of images that it was serving the planet though
  mediacatch.com and myhostdyn.com among others. I have no idea how
  the badguy got in and my ISP doesn't have a clue either. I got them
  to delete the junk because the badguy used a Unix system account to
  create the junk and I was unable to delete with the permissions I
  have.

  Now with that gone, I decided to add a .htaccess file to further
  restrict access to the /xml folder but when I did, the .htaccess
  file does not respond at all. Here is what I put in there:

Options -Indexes

order deny,allow

<files "*.*">
Deny from All
</files>

<files "*.*">
Allow from 127.0.0.1 localhost
</files>

I expected that if I tried to access that folder directly that I would
get a 403 but instead I got the application intro screen?

I checked my test system also and when I do a directory the /xml
folder, it shows me the content of the folder which is yet another
outcome unexpected.

The question I have is Does a folder named /xml have any special
status or significance on a linux box that would cause it to act
differently than say, an /includes folder that usually generates a
blank screen?

Any clues would be greatly appreciated. Notice that I haven't gotten
into the hack at all, no idea how it happened and the ISP is really
vague about what might have happened but is pointing the finger to my
app and, of course, his server is completely secure, btw, its a shared
server. My guess if that the bad guy ripped off the system account and
ran amok on it but nobody is even hinting that this could be a
possibility, to the contrary. Getting back to the /xml, why would I be
getting the bizarre behavior from it?

TIA

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

From ramons at gmx.net  Sat Oct 11 09:42:46 2008
From: ramons at gmx.net (David Krings)
Date: Sat, 11 Oct 2008 09:42:46 -0400
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <79812751.20081011205137@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
Message-ID: <48F0AD56.1080107@gmx.net>

mikesz at qualityadvantages.com wrote:
> I checked my test system also and when I do a directory the /xml
> folder, it shows me the content of the folder which is yet another
> outcome unexpected.
> 

There is a setting in the Apache config that prevents the listing of 
directories. In a production system that should be always turned off.
Also, IIRC you can specify the name of the access file in the config as well, 
so it may not always be .htaccess, but I cannot think of any plausible reason 
to change that. But that may be worthwhile to check out.

Oh, and at your earliest convenience change the hosting company. If they 
cannot tell you how such a takeover happened then I wonder what they charge 
you money for. Anyone with a PC can do that type of hosting...


David


From mikesz at qualityadvantages.com  Sat Oct 11 09:55:34 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sat, 11 Oct 2008 21:55:34 +0800
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <48F0AD56.1080107@gmx.net>
References: <79812751.20081011205137@qualityadvantages.com>
	<48F0AD56.1080107@gmx.net>
Message-ID: <1628941357.20081011215534@qualityadvantages.com>

Hello David,

Saturday, October 11, 2008, 9:42:46 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>> I checked my test system also and when I do a directory the /xml
>> folder, it shows me the content of the folder which is yet another
>> outcome unexpected.
>> 

> There is a setting in the Apache config that prevents the listing of 
> directories. In a production system that should be always turned off.
> Also, IIRC you can specify the name of the access file in the config as well,
> so it may not always be .htaccess, but I cannot think of any plausible reason
> to change that. But that may be worthwhile to check out.

> Oh, and at your earliest convenience change the hosting company. If they
> cannot tell you how such a takeover happened then I wonder what they charge
> you money for. Anyone with a PC can do that type of hosting...


> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3514 (20081011) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com


HA! My thoughts exactly. I was blown away when they suggested my
scripts without ever checking their log files... Unbelievable! I
thought it was a nobrainer to track such a blatant intrusion
especially when the time frame of when the breach occurred is known
almost to the second.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From dan.horning at planetnoc.com  Sat Oct 11 10:00:40 2008
From: dan.horning at planetnoc.com (Dan Horning)
Date: Sat, 11 Oct 2008 10:00:40 -0400
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <48F0AD56.1080107@gmx.net>
References: <79812751.20081011205137@qualityadvantages.com>
	<48F0AD56.1080107@gmx.net>
Message-ID: <1223733640.6313.12.camel@dan-linux-home.nycap.rr.com>

On Sat, 2008-10-11 at 09:42 -0400, David Krings wrote:
> mikesz at qualityadvantages.com wrote:
> > I checked my test system also and when I do a directory the /xml
> > folder, it shows me the content of the folder which is yet another
> > outcome unexpected.
> > 
> 
> There is a setting in the Apache config that prevents the listing of 
> directories. In a production system that should be always turned off.
> Also, IIRC you can specify the name of the access file in the config as well, 
> so it may not always be .htaccess, but I cannot think of any plausible reason 
> to change that. But that may be worthwhile to check out.
> 
> Oh, and at your earliest convenience change the hosting company. If they 
> cannot tell you how such a takeover happened then I wonder what they charge 
> you money for. Anyone with a PC can do that type of hosting...

On one hand i can understand how the host wouldn't know exactly how the
files got there - but the file ownership and logs should give much more
information away and they should know if it was a shell attack, a remote
file inclusion, or any number of common attacks. 

from your side though - are you using a common code base or module that
might be vulnerable, or maybe an old version of a now patched software
setup? if you are, what i use then might be something to look for in a
web host - we use an intrusion detection system that combines
mod_security with some well written rules along with some other software
that monitors everything. With that in place although I'm sure there is
still a way for someone to find a way into your system, it's incredibly
less likely, and the automated attackers would most certainly not work. 

to answer your question about the .htaccess file - there is also a
possibility that the host does not have all of the AllowOverride
directive active for your hosting account. in that case some items would
work and others wouldn't.

next up the content of your .htaccess
it's probably not what you wanted to do and i'm nearly positive that the
deny/allow isn't working
> -Indexes
- turns off directory listings
you may also need to change this to another name - thus triggering the
default not to be shown
> DirectoryIndex index.php 
 - that will make the only file index.php that will show up when you did
http://host/xml/ (correct me if i'm thinking the other directive it's
early) 
--------------------------------------
> Options -Indexes
> 
> order deny,allow
> 
> <files "*.*">
> Deny from All
> </files>
> 
> <files "*.*">
> Allow from 127.0.0.1 localhost
> </files>

this is a working config for something i have running
> Options -Indexes                                                                
>                                                                                 
> AuthUserFile /pathto/.htpasswd"                     
> AuthType Basic                                                                  
> AuthName "Staff Only"                                                           
> Satisfy Any                                                                     
>                                                                                 
> <Limit GET POST>                                                                
> order deny,allow                                                                
> deny from all                                                                   
> allow from some.ip.add.ress                                                        
> require valid-user                                                              
> </Limit>        

-- 
Dan Horning

American Digital Services - Where you are only limited by imagination.
direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
dan.horning at planetnoc.com
http://www.americandigitalservices.com



From dan.horning at planetnoc.com  Sat Oct 11 10:01:47 2008
From: dan.horning at planetnoc.com (Dan Horning)
Date: Sat, 11 Oct 2008 10:01:47 -0400
Subject: [nycphp-talk] Need some understanding about a hacker
	attack...
In-Reply-To: <1628941357.20081011215534@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<48F0AD56.1080107@gmx.net>
	<1628941357.20081011215534@qualityadvantages.com>
Message-ID: <1223733707.6313.14.camel@dan-linux-home.nycap.rr.com>

On Sat, 2008-10-11 at 21:55 +0800, mikesz at qualityadvantages.com wrote:
> Hello David,
> 
> Saturday, October 11, 2008, 9:42:46 PM, you wrote:
> 
> > mikesz at qualityadvantages.com wrote:
> >> I checked my test system also and when I do a directory the /xml
> >> folder, it shows me the content of the folder which is yet another
> >> outcome unexpected.
> >> 
> 
> > There is a setting in the Apache config that prevents the listing of 
> > directories. In a production system that should be always turned off.
> > Also, IIRC you can specify the name of the access file in the config as well,
> > so it may not always be .htaccess, but I cannot think of any plausible reason
> > to change that. But that may be worthwhile to check out.
> 
> > Oh, and at your earliest convenience change the hosting company. If they
> > cannot tell you how such a takeover happened then I wonder what they charge
> > you money for. Anyone with a PC can do that type of hosting...

> HA! My thoughts exactly. I was blown away when they suggested my
> scripts without ever checking their log files... Unbelievable! I
> thought it was a nobrainer to track such a blatant intrusion
> especially when the time frame of when the breach occurred is known
> almost to the second.
> 

i have to also +1 the new host thing.. ASAP

-- 
Dan Horning

American Digital Services - Where you are only limited by imagination.
direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
dan.horning at planetnoc.com
http://www.americandigitalservices.com



From brianw1975 at gmail.com  Sat Oct 11 10:03:37 2008
From: brianw1975 at gmail.com (Brian Williams)
Date: Sat, 11 Oct 2008 10:03:37 -0400
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <79812751.20081011205137@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
Message-ID: <ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>

this totally sucks and i'm sorry to hear this happened.  It sounds like
you'll need a crash course in Apache configuration...

My advice to you is to do a couple things:

a) Most importantly, consider *finding a new host*, because
  1) they should have records of all connectivity to that server
  2) their system is obviously insecure and when it comes to server security
i believe that hosts have a '1 strike and you are out' grace period
  3) the hacker probably got in through ssh if he was able to set
permissions to the point where you were not able to delete them (they were
probably under ownership of the account he used to hack the system)

b) assuming that the .htaccess is local to the /xml directory only
  1) (if you haven't done so already) create a .htaccess file in the root
directory and put 'Options -Indexes in that
  2) IIRC this: "<files "*.*">Deny from All</files>" is useless because
"<files "*.*">Allow from 127.0.0.1 localhost</files>" will override it WITH
the following caveat: the *main* apache config has to have AllowOverride All
specified

The use of .htaccess files can be disabled completely by setting the
> AllowOverride<http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride>directive to
> none:
>

that means you could make changes to your .htaccess file all day long and
nothing will change (which i think is the problem on both machines, but not
exactly sure since I don't have specifics of file names, references to those
file names, etc)

  3) if your .htaccess file is working correctly i think you want something
more along the lines of

<FilesMatch "\..+$">
Order Deny,Allow
Deny from All
Allow from 127.0.0.1 localhost
</files>

Just off the top of my head though

Good luck.



On Sat, Oct 11, 2008 at 8:51 AM,  <mikesz at qualityadvantages.com> wrote:
> Hello NYPHP,
>
>  One of my sites went down yesterday with "Out of Bandwidth". When I
>  checked into it, a badguy had hijacked an application folder called
>  /xml that usually contains one php file that serves the application
>  menu system. I have no idea why the software developer chose this
>  method. The /xml folder is read only (and has always been read only)
>  Yesterday, in addition to the single php file, /xml contained a
>  subfolder called odg which contained a porn distribution application
>  with thousands of images that it was serving the planet though
>  mediacatch.com and myhostdyn.com among others. I have no idea how
>  the badguy got in and my ISP doesn't have a clue either. I got them
>  to delete the junk because the badguy used a Unix system account to
>  create the junk and I was unable to delete with the permissions I
>  have.
>
>  Now with that gone, I decided to add a .htaccess file to further
>  restrict access to the /xml folder but when I did, the .htaccess
>  file does not respond at all. Here is what I put in there:
>
> Options -Indexes
>
> order deny,allow
>
> <files "*.*">
> Deny from All
> </files>
>
> <files "*.*">
> Allow from 127.0.0.1 localhost
> </files>
>
> I expected that if I tried to access that folder directly that I would
> get a 403 but instead I got the application intro screen?
>
> I checked my test system also and when I do a directory the /xml
> folder, it shows me the content of the folder which is yet another
> outcome unexpected.
>
> The question I have is Does a folder named /xml have any special
> status or significance on a linux box that would cause it to act
> differently than say, an /includes folder that usually generates a
> blank screen?
>
> Any clues would be greatly appreciated. Notice that I haven't gotten
> into the hack at all, no idea how it happened and the ISP is really
> vague about what might have happened but is pointing the finger to my
> app and, of course, his server is completely secure, btw, its a shared
> server. My guess if that the bad guy ripped off the system account and
> ran amok on it but nobody is even hinting that this could be a
> possibility, to the contrary. Getting back to the /xml, why would I be
> getting the bizarre behavior from it?
>
> TIA
>
> --
> Best regards,
>  mikesz                          mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081011/6d5dca11/attachment.html>

From mikesz at qualityadvantages.com  Sat Oct 11 11:58:39 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sat, 11 Oct 2008 23:58:39 +0800
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
Message-ID: <176297490.20081011235839@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081011/1a3abf8c/attachment.html>

From michael.southwell at nyphp.com  Sat Oct 11 14:53:54 2008
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Sat, 11 Oct 2008 14:53:54 -0400
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <176297490.20081011235839@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
	<176297490.20081011235839@qualityadvantages.com>
Message-ID: <48F0F642.1040704@nyphp.com>

mikesz at qualityadvantages.com wrote:
> Hello Brian,
> 
> 
> Saturday, October 11, 2008, 10:03:37 PM, you wrote:
> 
> 
> 
> Thanks very much for the feedback. I have been thinking since I moved to 
> this server in May that something wasn't quite right. 

and just who is this host?


-- 
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING:  http://nyphp.com/Training/Indepth


From mikesz at qualityadvantages.com  Sat Oct 11 22:43:14 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sun, 12 Oct 2008 10:43:14 +0800
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
Message-ID: <468069076.20081012104314@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081012/8a4acfbe/attachment.html>

From dan.horning at planetnoc.com  Sat Oct 11 23:03:13 2008
From: dan.horning at planetnoc.com (Dan Horning)
Date: Sat, 11 Oct 2008 23:03:13 -0400
Subject: [nycphp-talk] Need some understanding about a hacker
	attack...
In-Reply-To: <468069076.20081012104314@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
	<468069076.20081012104314@qualityadvantages.com>
Message-ID: <1223780593.13621.1.camel@dan-linux-home.nycap.rr.com>

Mike,

Please let us know if we can help - we do host sites in a more secure
fashion and monitor all the servers at a high level

rates are on planetnoc.com (we are small but very high powered)

-Dan Horning


On Sun, 2008-10-12 at 10:43 +0800, mikesz at qualityadvantages.com wrote:
> 
> Thanks again.
> 
> 
> -- 
> 
> Best regards,
> 
>  mikesz  
-- 
Dan Horning

American Digital Services - Where you are only limited by imagination.
direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
dan.horning at planetnoc.com
http://www.americandigitalservices.com



From brianw1975 at gmail.com  Sat Oct 11 23:13:01 2008
From: brianw1975 at gmail.com (Brian Williams)
Date: Sat, 11 Oct 2008 23:13:01 -0400
Subject: [nycphp-talk] Need some understanding about a hacker
	attack...
In-Reply-To: <468069076.20081012104314@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
	<468069076.20081012104314@qualityadvantages.com>
Message-ID: <ae0c70e80810112013jbe05c12u3fbf863e51135c30@mail.gmail.com>

Mike,

Yeah, I've ran into hosts like that before.  As soon as they refuse to
accept even the remote possibility that they are at fault it's time to move
on, especially when it comes to a hack to that extent.

Did they even offer any logs that you could review so you could "fix your
software" (since they say that's at fault) ?

If you are ok with being a sys admin and ~25$ a month isn't too much, I
recommend getting a VPS through knownhost.com  I've been dealing with them
for about 2 years now and have never had a problem last longer than an hour,
and that was only one time.

You'll have dedicated IP addresses, dedicated mail server, dedicated DNS,
and just about anything else you want to install.  The biggest up side is no
chance of getting labeled as spam, or being at the mercy of someone elses
whims, you'll have complete control over php settings and apache configs,
and you'll be able to host however many domains,subdomains, etc you want.

No, I'm not affiliated with them, nor employed by them, I just a *very*
satisfied customer.  I originally started at the $20/month plan and have
since then upgraded twice.

Good luck


On Sat, Oct 11, 2008 at 10:43 PM, <mikesz at qualityadvantages.com> wrote:

>  Hello Brian,
>
>
> I checked all the points you made and thanks for taking the time.
>
>
> "It sounds like you'll need a crash course in Apache configuration..."
>
>
> That works for me here on my development system that is an XP pro Box
> running WAMPSERVER but unfortunately my host has all the marbles and seems
> now to be less than enthusiastic about learning Apache than I would expect.
> When I got the equivalent of "we are bulletproof" and you are not, I pretty
> much got the idea that they either don't know what they are doing or the
> "status quo" is a bigger priority than doing it right.
>
>
> I have seen this before, though not to this extent, where a tech will say
> "but they are configured identically" and when you do a phpinfo.php on each
> of them, its like they are on different planet and clearly configured by
> different people with totally different compile instructions.
>
>
> I think your first point, and the one made by a few other people who
> replied to me is the most relevant now, need to go hunting for a host again
> clearly.
>
>
> Thanks again.
>
>
> --
>
> Best regards,
>
>  mikesz                            mailto:mikesz at qualityadvantages.com<mikesz at qualityadvantages.com>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081011/58d177f8/attachment.html>

From mikesz at qualityadvantages.com  Sun Oct 12 00:59:05 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sun, 12 Oct 2008 12:59:05 +0800
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <ae0c70e80810112013jbe05c12u3fbf863e51135c30@mail.gmail.com>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
	<468069076.20081012104314@qualityadvantages.com>
	<ae0c70e80810112013jbe05c12u3fbf863e51135c30@mail.gmail.com>
Message-ID: <629309183.20081012125905@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081012/375e7076/attachment.html>

From ramons at gmx.net  Sun Oct 12 08:13:41 2008
From: ramons at gmx.net (David Krings)
Date: Sun, 12 Oct 2008 08:13:41 -0400
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <629309183.20081012125905@qualityadvantages.com>
References: <79812751.20081011205137@qualityadvantages.com>	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>	<468069076.20081012104314@qualityadvantages.com>	<ae0c70e80810112013jbe05c12u3fbf863e51135c30@mail.gmail.com>
	<629309183.20081012125905@qualityadvantages.com>
Message-ID: <48F1E9F5.1060300@gmx.net>

mikesz at qualityadvantages.com wrote:
> That was the part that floored me. They threw it out there with NO other 
> justification or ANY evidence to support their assumption, nothing and 
> in a really, really nonchalant tone which bugged me even more. Actually, 
> they did refer to the folders in the product that require write access 
> to do things like realtime image conversions and uploads, but definitely 
> NO, "we found a hacker using such and such folder" nothing like that and 
> as I mentioned the exploited folder was and is read only so that was 
> another red herring they threw at me.

Maybe it was not a hack, but the hoster who rededicated your server space to 
someone else to rake in some more dough (pure speculation). Can you let us 
know who that hosting company is?

David


From mikesz at qualityadvantages.com  Sun Oct 12 09:47:52 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sun, 12 Oct 2008 21:47:52 +0800
Subject: [nycphp-talk] Need some understanding about a hacker attack...
In-Reply-To: <48F1E9F5.1060300@gmx.net>
References: <79812751.20081011205137@qualityadvantages.com>
	<ae0c70e80810110703m5f74c0ccr5a72f2c489933f5c@mail.gmail.com>
	<468069076.20081012104314@qualityadvantages.com>
	<ae0c70e80810112013jbe05c12u3fbf863e51135c30@mail.gmail.com>
	<629309183.20081012125905@qualityadvantages.com>
	<48F1E9F5.1060300@gmx.net>
Message-ID: <1428220372.20081012214752@qualityadvantages.com>

Hello David,

Sunday, October 12, 2008, 8:13:41 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>> That was the part that floored me. They threw it out there with NO other 
>> justification or ANY evidence to support their assumption, nothing and 
>> in a really, really nonchalant tone which bugged me even more. Actually, 
>> they did refer to the folders in the product that require write access 
>> to do things like realtime image conversions and uploads, but definitely 
>> NO, "we found a hacker using such and such folder" nothing like that and 
>> as I mentioned the exploited folder was and is read only so that was 
>> another red herring they threw at me.

> Maybe it was not a hack, but the hoster who rededicated your server space to
> someone else to rake in some more dough (pure speculation). Can you let us
> know who that hosting company is?

> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3515 (20081011) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com


Infrenion.

That would really, really suck and I can see the plausibility of it
too. I thought that it was weird that ONLY that folder on my site was
owned by the UNIX system.

I did a search on the "path" that the bad guys are still using to
pound my site and that folder that is gone now and get thousands of
error, not to mention my error log filling up with 304s and 403s

"Results 11 - 20 of about 27,600 for /xml/odg/."

 They are all referencing warning messages/conditions from trying to
 access the junk that was but no longer on my site.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From dorgan at donaldorgan.com  Sun Oct 12 18:31:09 2008
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Sun, 12 Oct 2008 18:31:09 -0400 (EDT)
Subject: [nycphp-talk] Open Source Conferences
Message-ID: <28398471.61223850669279.JavaMail.root@twoguyshosting.com.>

Does anyone know of any opensource conferences in 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081012/f5585bf4/attachment.html>

From dorgan at donaldorgan.com  Sun Oct 12 18:32:09 2008
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Sun, 12 Oct 2008 18:32:09 -0400 (EDT)
Subject: [nycphp-talk] Open Source Conferences
Message-ID: <20752754.91223850729560.JavaMail.root@twoguyshosting.com.>

Ok lets try this again. 

Does anyone know of any opensource conferences coming up that are located in the tri-state area?? 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081012/b0b47e07/attachment.html>

From lists at zaunere.com  Sun Oct 12 19:19:11 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Sun, 12 Oct 2008 19:19:11 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
In-Reply-To: <b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
References: <00ed01c928c3$7715a210$6540e630$@com>	<8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
	<b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
Message-ID: <005501c92cc0$ef84f1a0$ce8ed4e0$@com>

Gentlemen,

> > The safest approach is probably to pass the html through tidy, and
> > then into DOM, and traverse and count the length of text nodes, but
> > that would be quite slow if you ran it on every request.
> 
> Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't
> need to do it on every request -- you can either store the summary
> itself as a separate text field, or store the length of the summary as
> an integer.

I tried this, working through using both DOM and Tidy, and combinations of each - no luck.  The problem is getting the differential between the two versions of the text.

> This is crying out for a web service: The Excerpter. POST markup, get
> the first X display characters back as a response, with embedded HTML
> intact.

Yeah, I agree - this has turned into a royal problem, and one that seems as though it'd had to be solved already.

At the end of the day, what would be a very handy library - an object/etc that would store the text, in various forms, include various manipulation methods on it, meta data, etc, etc.  I had written something like this for MIME, but would not look forward to doing it for HTML/etc.

H




From jcampbell1 at gmail.com  Mon Oct 13 09:47:32 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Mon, 13 Oct 2008 09:47:32 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
In-Reply-To: <005501c92cc0$ef84f1a0$ce8ed4e0$@com>
References: <00ed01c928c3$7715a210$6540e630$@com>
	<8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
	<b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
	<005501c92cc0$ef84f1a0$ce8ed4e0$@com>
Message-ID: <8f0676b40810130647r66d940f7p749a97df36e88227@mail.gmail.com>

On Sun, Oct 12, 2008 at 7:19 PM, Hans Zaunere <lists at zaunere.com> wrote:
> Gentlemen,
>
>> > The safest approach is probably to pass the html through tidy, and
>> > then into DOM, and traverse and count the length of text nodes, but
>> > that would be quite slow if you ran it on every request.
>>
>> Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't
>> need to do it on every request -- you can either store the summary
>> itself as a separate text field, or store the length of the summary as
>> an integer.
>
> I tried this, working through using both DOM and Tidy, and combinations of each - no luck.  The problem is getting the differential between the two versions of the text.
>

This is a solvable problem, but the problem needs to be really well
defined.  I assume you want to snip the html, to show a preview.  If
you leave things like youtube videos and images, then the post could
be really long without much text.  Why do you need the differential
between the two versions?  As soon as you pass something through tidy,
getting the differential is impossible because it can change the html
in unpredictable ways.  Not cutting in the middle of a tag is pretty
easy to solve, just iterate and keep track of the open tags on a
stack.

-John Campbell


From zippy1981 at gmail.com  Mon Oct 13 10:01:43 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Mon, 13 Oct 2008 10:01:43 -0400
Subject: [nycphp-talk] Open Source Conferences
In-Reply-To: <20752754.91223850729560.JavaMail.root@twoguyshosting.com.>
References: <20752754.91223850729560.JavaMail.root@twoguyshosting.com.>
Message-ID: <5458db3c0810130701n629f477dw3a259f1a14be827e@mail.gmail.com>

You missed NYCBSDCON, and a pitsburg perl conference.

Debianconf 10 is supposed to be in NYC. However devbianconf8 was this
year so I aasume that will occur in 2010.

Nothing else I know of.

On Sun, Oct 12, 2008 at 6:32 PM, Donald J. Organ IV
<dorgan at donaldorgan.com> wrote:
> Ok lets try this again.
>
> Does anyone know of any opensource conferences coming up that are located in
> the tri-state area??
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From jmcgraw1 at gmail.com  Mon Oct 13 10:12:24 2008
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Mon, 13 Oct 2008 10:12:24 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
In-Reply-To: <005501c92cc0$ef84f1a0$ce8ed4e0$@com>
References: <00ed01c928c3$7715a210$6540e630$@com>
	<8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
	<b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
	<005501c92cc0$ef84f1a0$ce8ed4e0$@com>
Message-ID: <e065b8610810130712o2ce10ae6gadbb0be7238a32fa@mail.gmail.com>

Forget diffs and HTML text, this problem totally ate up all my time at
a startup where a JavaScript WYSIWYG editor was the only choice for
generating a marked-up document. May I suggest Markdown [1,2] + the
Showdown preview panel [3]. Markdown is a very light syntax for
generating HTML documents, Showdown gives you a preview of your
document while you're editing the textarea. I have already converted
one custom CMS to Markdown and I think it's been quite successful.

[1] http://daringfireball.net/projects/markdown/
[2] http://michelf.com/projects/php-markdown/
[3] http://attacklab.net/showdown/

- jake

On Sun, Oct 12, 2008 at 7:19 PM, Hans Zaunere <lists at zaunere.com> wrote:
> Gentlemen,
>
>> > The safest approach is probably to pass the html through tidy, and
>> > then into DOM, and traverse and count the length of text nodes, but
>> > that would be quite slow if you ran it on every request.
>>
>> Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't
>> need to do it on every request -- you can either store the summary
>> itself as a separate text field, or store the length of the summary as
>> an integer.
>
> I tried this, working through using both DOM and Tidy, and combinations of each - no luck.  The problem is getting the differential between the two versions of the text.
>
>> This is crying out for a web service: The Excerpter. POST markup, get
>> the first X display characters back as a response, with embedded HTML
>> intact.
>
> Yeah, I agree - this has turned into a royal problem, and one that seems as though it'd had to be solved already.
>
> At the end of the day, what would be a very handy library - an object/etc that would store the text, in various forms, include various manipulation methods on it, meta data, etc, etc.  I had written something like this for MIME, but would not look forward to doing it for HTML/etc.
>
> H
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From chsnyder at gmail.com  Mon Oct 13 10:38:13 2008
From: chsnyder at gmail.com (csnyder)
Date: Mon, 13 Oct 2008 10:38:13 -0400
Subject: [nycphp-talk] Singular value decomposition with PHP
Message-ID: <b76252690810130738g5b3512daha9a25d21baea4447@mail.gmail.com>

I'm interested in playing around with singular value decomposition of
matrices, and wondering:

Does anyone here use this on a regular basis, and for what? I'm pretty
much vector/matrix illiterate, so feel free to mention the obvious.

And can you point me to an existing library in PHP (or better yet, a
PHP extension) that handles the math?


Chris Snyder
http://chxor.chxo.com/


From ajai at bitblit.net  Mon Oct 13 12:01:43 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 13 Oct 2008 12:01:43 -0400 (EDT)
Subject: [nycphp-talk] Open Source Conferences
In-Reply-To: <28398471.61223850669279.JavaMail.root@twoguyshosting.com.>
Message-ID: <Pine.LNX.4.44.0810131157430.19344-100000@bitblit.net>

On Sun, 12 Oct 2008, Donald J. Organ IV wrote:

> Does anyone know of any opensource conferences in 

LinuxWorld used to be in NYC at the Javits Center then it moved to Boston 
for awhile. Now I think its only on the west coast.

Yeah, its annoying...


UPDATE: Did some checking and it looks like its been renamed 
opensourceworld, still on the west coast only.


-- 
Aj.



From edwardpotter at gmail.com  Mon Oct 13 13:07:20 2008
From: edwardpotter at gmail.com (Edward Potter)
Date: Mon, 13 Oct 2008 13:07:20 -0400
Subject: [nycphp-talk] Singular value decomposition with PHP
In-Reply-To: <b76252690810130738g5b3512daha9a25d21baea4447@mail.gmail.com>
References: <b76252690810130738g5b3512daha9a25d21baea4447@mail.gmail.com>
Message-ID: <c5949a380810131007m8cb31a1m721f09a67d1202e2@mail.gmail.com>

Ummm, that's like what my last GF told me as she dropped me -  "it's
just that, well you know, you're just an example of a Singular Value
Decomposition Matrix,  and that's not the crowd I hang with."

Now I know.  :-)

yipes!

:-)  ed


On Mon, Oct 13, 2008 at 10:38 AM, csnyder <chsnyder at gmail.com> wrote:
> I'm interested in playing around with singular value decomposition of
> matrices, and wondering:
>
> Does anyone here use this on a regular basis, and for what? I'm pretty
> much vector/matrix illiterate, so feel free to mention the obvious.
>
> And can you point me to an existing library in PHP (or better yet, a
> PHP extension) that handles the math?
>
>
> Chris Snyder
> http://chxor.chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>



-- 
IM/iChat: ejpusa
Links: http://del.icio.us/ejpusa
Blog: http://www.preceptress.com/blog
Follow me: http://www.twitter.com/ejpusa
Karma: http://www.coderswithconscience.com
Projects: http://flickr.com/photos/86842405 at N00/
Store: http://astore.amazon.com/httpwwwutopic-20


From chsnyder at gmail.com  Mon Oct 13 13:11:55 2008
From: chsnyder at gmail.com (csnyder)
Date: Mon, 13 Oct 2008 13:11:55 -0400
Subject: [nycphp-talk] Blog Posts with Embedded Content
In-Reply-To: <e065b8610810130712o2ce10ae6gadbb0be7238a32fa@mail.gmail.com>
References: <00ed01c928c3$7715a210$6540e630$@com>
	<8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com>
	<b76252690810081115p39167171t21c3e9c6ca7ce548@mail.gmail.com>
	<005501c92cc0$ef84f1a0$ce8ed4e0$@com>
	<e065b8610810130712o2ce10ae6gadbb0be7238a32fa@mail.gmail.com>
Message-ID: <b76252690810131011r29a3395fx1fc5f822e36d8b6e@mail.gmail.com>

On Mon, Oct 13, 2008 at 10:12 AM, Jake McGraw <jmcgraw1 at gmail.com> wrote:
> Forget diffs and HTML text, this problem totally ate up all my time at
> a startup where a JavaScript WYSIWYG editor was the only choice for
> generating a marked-up document. May I suggest Markdown [1,2] + the
> Showdown preview panel [3]. Markdown is a very light syntax for
> generating HTML documents, Showdown gives you a preview of your
> document while you're editing the textarea. I have already converted
> one custom CMS to Markdown and I think it's been quite successful.
>
> [1] http://daringfireball.net/projects/markdown/
> [2] http://michelf.com/projects/php-markdown/
> [3] http://attacklab.net/showdown/
>
> - jake
>

The biggest problem I've seen, that isn't solved by a switch to
markdown or any other meta-markup technique, is that CMS users
increasingly just want to paste in HTML snippets that include embedded
objects, and have them work.

Think YouTube, Vimeo, Google spreadsheets, Wufoo forms, all that crap.

Markdown is great -- GREAT -- if you have enlightened editors and
copywriters who agree that it's easier to use a simple syntax in order
to create consistent results. It can even be combined with a WYSIWYG
rich-text editor to get the best of both worlds.

But it falls down as soon as you ask non-technical people to use it in
place of HTML, because they don't really understand what HTML or
Markdown is and why they should care, they just want to embed their
widgets and move on.

What Hans is looking for is a way to reliably get just the first few
"lines" of any HTML document, whether it is properly HTML-formatted or
not, without truncating embedded elements.

   chris.


From chsnyder at gmail.com  Mon Oct 13 13:17:37 2008
From: chsnyder at gmail.com (csnyder)
Date: Mon, 13 Oct 2008 13:17:37 -0400
Subject: [nycphp-talk] Singular value decomposition with PHP
In-Reply-To: <c5949a380810131007m8cb31a1m721f09a67d1202e2@mail.gmail.com>
References: <b76252690810130738g5b3512daha9a25d21baea4447@mail.gmail.com>
	<c5949a380810131007m8cb31a1m721f09a67d1202e2@mail.gmail.com>
Message-ID: <b76252690810131017ife89a0drca3230c65372cd69@mail.gmail.com>

On Mon, Oct 13, 2008 at 1:07 PM, Edward Potter <edwardpotter at gmail.com> wrote:
> Ummm, that's like what my last GF told me as she dropped me -  "it's
> just that, well you know, you're just an example of a Singular Value
> Decomposition Matrix,  and that's not the crowd I hang with."
>
> Now I know.  :-)

Oh yeah, I'm totally going to use this stuff at cocktail parties.

"And what do you do?"
"I'm investigating the use of singular value decomposition algorithms
to correctly predict relationships between entities in a matrix. How
about you?"

That should go swimmingly.


From joedevon at yahoo.com  Mon Oct 13 13:10:36 2008
From: joedevon at yahoo.com (Joe)
Date: Mon, 13 Oct 2008 10:10:36 -0700 (PDT)
Subject: [nycphp-talk] nyphp-talk Open Source Conference
Message-ID: <219660.90445.qm@web83602.mail.sp1.yahoo.com>

How about http://opensqlcamp.org


      


From corey at gelform.com  Mon Oct 13 13:38:25 2008
From: corey at gelform.com (Corey H Maass - gelform.com)
Date: Mon, 13 Oct 2008 13:38:25 -0400
Subject: [nycphp-talk] Newbie books
Message-ID: <1223919505.13746.1279039113@webmail.messagingengine.com>

Hey, all. I wanted to introduce myself. I'm an experienced programmer
(remember ASP, before dont net?) with little formal training, so often
referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS,
JS - now tackling PHP and loving it. A couple coworkers recommended this
list, so I'll be eavesdropping.

I'm looking to go thru a book or two and need some help. I know all
about loops, conditional statements, and the basics of programming. I
understand the concepts behind OOP, but have limited experience with
actually using it. I immediately grasped the basics of the PHP syntax
but am starting to balk at the double colon meaning a static class and
the single vs double arrow... So I guess I'm looking for something
intermediate, and wondering if anyone can make a suggestions?

Thanks,

Corey

//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business

em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform



From zippy1981 at gmail.com  Mon Oct 13 15:14:08 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Mon, 13 Oct 2008 15:14:08 -0400
Subject: [nycphp-talk] nyphp-talk Open Source Conference
In-Reply-To: <219660.90445.qm@web83602.mail.sp1.yahoo.com>
References: <219660.90445.qm@web83602.mail.sp1.yahoo.com>
Message-ID: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com>

What about it? Do you want to go to it? Are you suggesting nyphp gets
a table at it?

Your message lacks context.

On Mon, Oct 13, 2008 at 1:10 PM, Joe <joedevon at yahoo.com> wrote:
> How about http://opensqlcamp.org
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From dorgan at donaldorgan.com  Mon Oct 13 15:15:57 2008
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Mon, 13 Oct 2008 15:15:57 -0400 (EDT)
Subject: [nycphp-talk] nyphp-talk Open Source Conference
In-Reply-To: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com>
Message-ID: <4711296.291223925357684.JavaMail.root@twoguyshosting.com.>

I think he's just responding to my origianl question if anyone knew of any in the area.


----- Original Message -----
From: "Justin Dearing" <zippy1981 at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, October 13, 2008 3:14:08 PM GMT -05:00 US/Canada Eastern
Subject: Re: [nycphp-talk] nyphp-talk Open Source Conference

What about it? Do you want to go to it? Are you suggesting nyphp gets
a table at it?

Your message lacks context.

On Mon, Oct 13, 2008 at 1:10 PM, Joe <joedevon at yahoo.com> wrote:
> How about http://opensqlcamp.org
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


From porciem at FARMINGDALE.EDU  Mon Oct 13 15:16:41 2008
From: porciem at FARMINGDALE.EDU (porciem at FARMINGDALE.EDU)
Date: Mon, 13 Oct 2008 15:16:41 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <1223919505.13746.1279039113@webmail.messagingengine.com>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
Message-ID: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>

I would recommend an older book - the Deitel book - Perl How to Program.
Amazon has it
(http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr
_pr_product_top), and there are reviews on their site that are very
favorable. 
Margaret M. Porciello
Professor - Computer Systems Department
Farmingdale State College
2350 Broadhollow Road
Farmingdale, NY 11735



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Corey H Maass - gelform.com
Sent: Monday, October 13, 2008 1:38 PM
To: NYPHP Talk
Subject: [nycphp-talk] Newbie books

Hey, all. I wanted to introduce myself. I'm an experienced programmer
(remember ASP, before dont net?) with little formal training, so often
referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS,
JS - now tackling PHP and loving it. A couple coworkers recommended this
list, so I'll be eavesdropping.

I'm looking to go thru a book or two and need some help. I know all
about loops, conditional statements, and the basics of programming. I
understand the concepts behind OOP, but have limited experience with
actually using it. I immediately grasped the basics of the PHP syntax
but am starting to balk at the double colon meaning a static class and
the single vs double arrow... So I guess I'm looking for something
intermediate, and wondering if anyone can make a suggestions?

Thanks,

Corey

//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business

em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


From mmwaldman at optonline.net  Mon Oct 13 15:21:33 2008
From: mmwaldman at optonline.net ((Margaret) Michele Waldman)
Date: Mon, 13 Oct 2008 15:21:33 -0400
Subject: [nycphp-talk] nyphp-talk Open Source Conference
In-Reply-To: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com>
Message-ID: <0K8O00DQJZ3TBZ01@mta4.srv.hcvlny.cv.net>

Made sense to me.  But then again, I read the previous emails.  Funny.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Justin Dearing
Sent: Monday, October 13, 2008 3:14 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] nyphp-talk Open Source Conference

What about it? Do you want to go to it? Are you suggesting nyphp gets
a table at it?

Your message lacks context.

On Mon, Oct 13, 2008 at 1:10 PM, Joe <joedevon at yahoo.com> wrote:
> How about http://opensqlcamp.org
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



From tmpvar at gmail.com  Mon Oct 13 15:26:01 2008
From: tmpvar at gmail.com (Elijah Insua)
Date: Mon, 13 Oct 2008 12:26:01 -0700
Subject: [nycphp-talk] Newbie books
In-Reply-To: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
Message-ID: <2b4feca10810131226i5549fd08q1e0c7a19b456f25a@mail.gmail.com>

The zend php5 certification book is great (especially if you already know
how to code in some language)

-- Elijah

On Mon, Oct 13, 2008 at 12:16 PM, <porciem at farmingdale.edu> wrote:

> I would recommend an older book - the Deitel book - Perl How to Program.
> Amazon has it
> (
> http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr
> _pr_product_top), and there are reviews on their site that are very
> favorable.
> Margaret M. Porciello
> Professor - Computer Systems Department
> Farmingdale State College
> 2350 Broadhollow Road
> Farmingdale, NY 11735
>
>
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On
> Behalf Of Corey H Maass - gelform.com
> Sent: Monday, October 13, 2008 1:38 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Newbie books
>
> Hey, all. I wanted to introduce myself. I'm an experienced programmer
> (remember ASP, before dont net?) with little formal training, so often
> referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS,
> JS - now tackling PHP and loving it. A couple coworkers recommended this
> list, so I'll be eavesdropping.
>
> I'm looking to go thru a book or two and need some help. I know all
> about loops, conditional statements, and the basics of programming. I
> understand the concepts behind OOP, but have limited experience with
> actually using it. I immediately grasped the basics of the PHP syntax
> but am starting to balk at the double colon meaning a static class and
> the single vs double arrow... So I guess I'm looking for something
> intermediate, and wondering if anyone can make a suggestions?
>
> Thanks,
>
> Corey
>
> //
> Corey H Maass
> Gelform Design
> Brooklyn, NY
> Print and web design for art and business
>
> em corey at gelform.com
> ww http://www.gelform.com
> ph 646/228.5048
> fx 866/502.4861
> IM gelform
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081013/b4362866/attachment.html>

From zippy1981 at gmail.com  Mon Oct 13 15:43:42 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Mon, 13 Oct 2008 15:43:42 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
Message-ID: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>

Professor Porciello,

I'm quite confused here. The book is called programming perl, and the
cover indicated it also has a Python edition to it. Also your
responding to an email on a php list about a person that wants to
learn PHP better.

So, does this book have a PHP section? Are you suggesting that this is
the best book on OOP out there and the OP would be best served
learning OOP theory from it?

There is one negative review on Amazon saying that the authors seem to
rewrite the same book over and over again in different languages, and
that perl due to its weirdness is not well served by this book. IMHO
That *MIGHT* would serve as a positive review in this case, because
the problem with perl is you can write it in any paradim you want
,procedural, functional, OO, etc. If this book is designed around
generic OOP principles that apply to other languages, instead of
teaching you all the perlisms, both good and bad, then it might have
merit to a PHP Programmer

Corey,

Just out of curosity, do you disagree with the syntax of static
function, or just not understand their purpose? Can you suggest a
syntax you would prefer? The syntax btw is taken from C++. It is
obtuse on one hand, but on the other hand its immediatly clear your
calling a static function for a class and not a member function of an
object.

Regards,

Justin Dearing



On Mon, Oct 13, 2008 at 3:16 PM,  <porciem at farmingdale.edu> wrote:
> I would recommend an older book - the Deitel book - Perl How to Program.
> Amazon has it
> (http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr
> _pr_product_top), and there are reviews on their site that are very
> favorable.
> Margaret M. Porciello
> Professor - Computer Systems Department
> Farmingdale State College
> 2350 Broadhollow Road
> Farmingdale, NY 11735
>
>
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of Corey H Maass - gelform.com
> Sent: Monday, October 13, 2008 1:38 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Newbie books
>
> Hey, all. I wanted to introduce myself. I'm an experienced programmer
> (remember ASP, before dont net?) with little formal training, so often
> referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS,
> JS - now tackling PHP and loving it. A couple coworkers recommended this
> list, so I'll be eavesdropping.
>
> I'm looking to go thru a book or two and need some help. I know all
> about loops, conditional statements, and the basics of programming. I
> understand the concepts behind OOP, but have limited experience with
> actually using it. I immediately grasped the basics of the PHP syntax
> but am starting to balk at the double colon meaning a static class and
> the single vs double arrow... So I guess I'm looking for something
> intermediate, and wondering if anyone can make a suggestions?
>
> Thanks,
>
> Corey
>
> //
> Corey H Maass
> Gelform Design
> Brooklyn, NY
> Print and web design for art and business
>
> em corey at gelform.com
> ww http://www.gelform.com
> ph 646/228.5048
> fx 866/502.4861
> IM gelform
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From zippy1981 at gmail.com  Mon Oct 13 15:47:18 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Mon, 13 Oct 2008 15:47:18 -0400
Subject: [nycphp-talk] nyphp-talk Open Source Conference
In-Reply-To: <0K8O00DQJZ3TBZ01@mta4.srv.hcvlny.cv.net>
References: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com>
	<0K8O00DQJZ3TBZ01@mta4.srv.hcvlny.cv.net>
Message-ID: <5458db3c0810131247x30e16301ked93d60ea8fdc970@mail.gmail.com>

On Mon, Oct 13, 2008 at 3:21 PM, (Margaret) Michele Waldman
<mmwaldman at optonline.net> wrote:
> Made sense to me.  But then again, I read the previous emails.  Funny.


Yeah gmail didn't thread it for me and I didn't put two and two together.

I guess I got a case of the Monday's.

Sorry


From ben at projectskyline.com  Mon Oct 13 15:58:38 2008
From: ben at projectskyline.com (Ben Sgro)
Date: Mon, 13 Oct 2008 15:58:38 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
	<5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
Message-ID: <48F3A86E.7040600@projectskyline.com>

Hello Corey,

1) http://www.amazon.com/PHP-5-Objects-Patterns-Practice/dp/1590593804
2) 
http://www.amazon.com/Object-Oriented-Thought-Process-Developers-Library/dp/0672330164/ref=sr_1_1?ie=UTF8&s=books&qid=1223927768&sr=1-1
3) 
http://www.amazon.com/Object-Oriented-Design-Heuristics-Arthur-Riel/dp/020163385X/ref=sr_1_1?ie=UTF8&s=books&qid=1223927814&sr=1-1

Also, just good coding reads/reference:
1. 
http://www.amazon.com/UNIX-Programming-Addison-Wesley-Professional-Computing/dp/0131429019/ref=sr_1_1?ie=UTF8&s=books&qid=1223927837&sr=1-1
2. 
http://www.amazon.com/Programming-Environment-Addison-Wesley-Professional-Computing/dp/0201433079/ref=sr_1_3?ie=UTF8&s=books&qid=1223927864&sr=1-3

- Ben


Justin Dearing wrote:
> Professor Porciello,
>
> I'm quite confused here. The book is called programming perl, and the
> cover indicated it also has a Python edition to it. Also your
> responding to an email on a php list about a person that wants to
> learn PHP better.
>
> So, does this book have a PHP section? Are you suggesting that this is
> the best book on OOP out there and the OP would be best served
> learning OOP theory from it?
>
> There is one negative review on Amazon saying that the authors seem to
> rewrite the same book over and over again in different languages, and
> that perl due to its weirdness is not well served by this book. IMHO
> That *MIGHT* would serve as a positive review in this case, because
> the problem with perl is you can write it in any paradim you want
> ,procedural, functional, OO, etc. If this book is designed around
> generic OOP principles that apply to other languages, instead of
> teaching you all the perlisms, both good and bad, then it might have
> merit to a PHP Programmer
>
> Corey,
>
> Just out of curosity, do you disagree with the syntax of static
> function, or just not understand their purpose? Can you suggest a
> syntax you would prefer? The syntax btw is taken from C++. It is
> obtuse on one hand, but on the other hand its immediatly clear your
> calling a static function for a class and not a member function of an
> object.
>
> Regards,
>
> Justin Dearing
>
>
>
> On Mon, Oct 13, 2008 at 3:16 PM,  <porciem at farmingdale.edu> wrote:
>   
>> I would recommend an older book - the Deitel book - Perl How to Program.
>> Amazon has it
>> (http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr
>> _pr_product_top), and there are reviews on their site that are very
>> favorable.
>> Margaret M. Porciello
>> Professor - Computer Systems Department
>> Farmingdale State College
>> 2350 Broadhollow Road
>> Farmingdale, NY 11735
>>
>>
>>
>> -----Original Message-----
>> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
>> Behalf Of Corey H Maass - gelform.com
>> Sent: Monday, October 13, 2008 1:38 PM
>> To: NYPHP Talk
>> Subject: [nycphp-talk] Newbie books
>>
>> Hey, all. I wanted to introduce myself. I'm an experienced programmer
>> (remember ASP, before dont net?) with little formal training, so often
>> referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS,
>> JS - now tackling PHP and loving it. A couple coworkers recommended this
>> list, so I'll be eavesdropping.
>>
>> I'm looking to go thru a book or two and need some help. I know all
>> about loops, conditional statements, and the basics of programming. I
>> understand the concepts behind OOP, but have limited experience with
>> actually using it. I immediately grasped the basics of the PHP syntax
>> but am starting to balk at the double colon meaning a static class and
>> the single vs double arrow... So I guess I'm looking for something
>> intermediate, and wondering if anyone can make a suggestions?
>>
>> Thanks,
>>
>> Corey
>>
>> //
>> Corey H Maass
>> Gelform Design
>> Brooklyn, NY
>> Print and web design for art and business
>>
>> em corey at gelform.com
>> ww http://www.gelform.com
>> ph 646/228.5048
>> fx 866/502.4861
>> IM gelform
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>>     
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>   


From corey at gelform.com  Mon Oct 13 16:03:33 2008
From: corey at gelform.com (Corey H Maass - gelform.com)
Date: Mon, 13 Oct 2008 16:03:33 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
	<5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
Message-ID: <1223928213.10540.1279064503@webmail.messagingengine.com>

> Just out of curosity, do you disagree with the syntax of static
> function, or just not understand their purpose? Can you suggest a
> syntax you would prefer? The syntax btw is taken from C++. It is
> obtuse on one hand, but on the other hand its immediatly clear your
> calling a static function for a class and not a member function of an
> object.

Oh, I don't disagree with the syntax, I was just saying I'd reached the
end of what I could figure out myself, and needed some help. The problem
I've run into is that my knowledge carries me to the last third of most
PHP intro books I've looked at. Hardly seems worth the money.

Corey

//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business

em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform



From ajai at bitblit.net  Mon Oct 13 16:14:21 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 13 Oct 2008 16:14:21 -0400 (EDT)
Subject: [nycphp-talk] nyphp-talk Open Source Conference
In-Reply-To: <4711296.291223925357684.JavaMail.root@twoguyshosting.com.>
Message-ID: <Pine.LNX.4.44.0810131614030.19344-100000@bitblit.net>

On Mon, 13 Oct 2008, Donald J. Organ IV wrote:

> I think he's just responding to my origianl question if anyone knew of any in the area.

This is what happens when you top-post...



-- 
Aj.



From chsnyder at gmail.com  Mon Oct 13 16:53:43 2008
From: chsnyder at gmail.com (csnyder)
Date: Mon, 13 Oct 2008 16:53:43 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <1223928213.10540.1279064503@webmail.messagingengine.com>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
	<5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
	<1223928213.10540.1279064503@webmail.messagingengine.com>
Message-ID: <b76252690810131353m19c7646cx46495bb90d97649a@mail.gmail.com>

On Mon, Oct 13, 2008 at 4:03 PM, Corey H Maass - gelform.com
<corey at gelform.com> wrote:
> The problem I've run into is that my knowledge carries me to the last third of most
> PHP intro books I've looked at.

Gotta check, did you read the online manual?
Specifically http://www.php.net/manual/en/language.oop5.php, but the
entire Language Reference section is a must-read if you are new to php
and want to make sure you have a comprehensive grasp of the language.

It seems like you already know a lot about programming, and just need
to find the "php way" to do things. The manual has been answering
those questions for over ten years.

Chris Snyder
http://chxor.chxo.com/


From corey at gelform.com  Mon Oct 13 17:02:51 2008
From: corey at gelform.com (Corey H Maass - gelform.com)
Date: Mon, 13 Oct 2008 17:02:51 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <b76252690810131353m19c7646cx46495bb90d97649a@mail.gmail.com>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
	<5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
	<1223928213.10540.1279064503@webmail.messagingengine.com>
	<b76252690810131353m19c7646cx46495bb90d97649a@mail.gmail.com>
Message-ID: <1223931771.22619.1279074937@webmail.messagingengine.com>

Great, thx. And thx, Ben. I'll have a look.

Corey

On Mon, 13 Oct 2008 16:53:43 -0400, "csnyder" <chsnyder at gmail.com> said:
> On Mon, Oct 13, 2008 at 4:03 PM, Corey H Maass - gelform.com
> <corey at gelform.com> wrote:
> > The problem I've run into is that my knowledge carries me to the last third of most
> > PHP intro books I've looked at.
> 
> Gotta check, did you read the online manual?
> Specifically http://www.php.net/manual/en/language.oop5.php, but the
> entire Language Reference section is a must-read if you are new to php
> and want to make sure you have a comprehensive grasp of the language.
> 
> It seems like you already know a lot about programming, and just need
> to find the "php way" to do things. The manual has been answering
> those questions for over ten years.
> 
> Chris Snyder
> http://chxor.chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business

em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform



From porciem at FARMINGDALE.EDU  Mon Oct 13 17:03:08 2008
From: porciem at FARMINGDALE.EDU (porciem at FARMINGDALE.EDU)
Date: Mon, 13 Oct 2008 17:03:08 -0400
Subject: [nycphp-talk] Newbie books
In-Reply-To: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
References: <1223919505.13746.1279039113@webmail.messagingengine.com>
	<747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu>
	<5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com>
Message-ID: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CB@mail1.it.farmingdale.edu>

Sorry.....
I was "thinking" Perl while reading the PHP listserv.  
My apologies.  

Margaret M. Porciello
Professor - Computer Systems Department
Farmingdale State College
2350 Broadhollow Road
Farmingdale, NY 11735



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Justin Dearing
Sent: Monday, October 13, 2008 3:44 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Newbie books

Professor Porciello,

I'm quite confused here. The book is called programming perl, and the
cover indicated it also has a Python edition to it. Also your
responding to an email on a php list about a person that wants to
learn PHP better.

So, does this book have a PHP section? Are you suggesting that this is
the best book on OOP out there and the OP would be best served
learning OOP theory from it?

There is one negative review on Amazon saying that the authors seem to
rewrite the same book over and over again in different languages, and
that perl due to its weirdness is not well served by this book. IMHO
That *MIGHT* would serve as a positive review in this case, because
the problem with perl is you can write it in any paradim you want
,procedural, functional, OO, etc. If this book is designed around
generic OOP principles that apply to other languages, instead of
teaching you all the perlisms, both good and bad, then it might have
merit to a PHP Programmer

Corey,

Just out of curosity, do you disagree with the syntax of static
function, or just not understand their purpose? Can you suggest a
syntax you would prefer? The syntax btw is taken from C++. It is
obtuse on one hand, but on the other hand its immediatly clear your
calling a static function for a class and not a member function of an
object.

Regards,

Justin Dearing



On Mon, Oct 13, 2008 at 3:16 PM,  <porciem at farmingdale.edu> wrote:
> I would recommend an older book - the Deitel book - Perl How to Program.
> Amazon has it
>
(http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr
> _pr_product_top), and there are reviews on their site that are very
> favorable.
> Margaret M. Porciello
> Professor - Computer Systems Department
> Farmingdale State College
> 2350 Broadhollow Road
> Farmingdale, NY 11735
>
>
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of Corey H Maass - gelform.com
> Sent: Monday, October 13, 2008 1:38 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Newbie books
>
> Hey, all. I wanted to introduce myself. I'm an experienced programmer
> (remember ASP, before dont net?) with little formal training, so often
> referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS,
> JS - now tackling PHP and loving it. A couple coworkers recommended this
> list, so I'll be eavesdropping.
>
> I'm looking to go thru a book or two and need some help. I know all
> about loops, conditional statements, and the basics of programming. I
> understand the concepts behind OOP, but have limited experience with
> actually using it. I immediately grasped the basics of the PHP syntax
> but am starting to balk at the double colon meaning a static class and
> the single vs double arrow... So I guess I'm looking for something
> intermediate, and wondering if anyone can make a suggestions?
>
> Thanks,
>
> Corey
>
> //
> Corey H Maass
> Gelform Design
> Brooklyn, NY
> Print and web design for art and business
>
> em corey at gelform.com
> ww http://www.gelform.com
> ph 646/228.5048
> fx 866/502.4861
> IM gelform
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


From mikesz at qualityadvantages.com  Tue Oct 14 01:57:26 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 14 Oct 2008 13:57:26 +0800
Subject: [nycphp-talk] Timeouts ... how to get around it?
Message-ID: <91916458.20081014135726@qualityadvantages.com>

Hello NYPHP,

  I have an array that has 13000 email addresses. For now, its in the
  script but will be in a database table eventually. It is a list of
  known bad guys.

  I have a database table with 9000 records and one of the fields is
  an email address.

  In PHP I am using a foreach to loop through the array and do a
  database lookup to try to find any matching emails.

  I am using this query inside the foreach loop:

        $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
        $numRows = mysql_num_rows($res);
        if ( !empty($numRows ))


  It processes about 12000  addresses in the array and the script times out.

  Anyone have a better idea for doing this task?

  TIA for any help.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



From mmwaldman at optonline.net  Tue Oct 14 02:07:02 2008
From: mmwaldman at optonline.net ((Margaret) Michele Waldman)
Date: Tue, 14 Oct 2008 02:07:02 -0400
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <91916458.20081014135726@qualityadvantages.com>
Message-ID: <0K8P006V4SZNWE70@mta5.srv.hcvlny.cv.net>

I take it email is indexed?

Michele

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of mikesz at qualityadvantages.com
Sent: Tuesday, October 14, 2008 1:57 AM
To: NYPHP Talk
Subject: [nycphp-talk] Timeouts ... how to get around it?

Hello NYPHP,

  I have an array that has 13000 email addresses. For now, its in the
  script but will be in a database table eventually. It is a list of
  known bad guys.

  I have a database table with 9000 records and one of the fields is
  an email address.

  In PHP I am using a foreach to loop through the array and do a
  database lookup to try to find any matching emails.

  I am using this query inside the foreach loop:

        $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
        $numRows = mysql_num_rows($res);
        if ( !empty($numRows ))


  It processes about 12000  addresses in the array and the script times out.

  Anyone have a better idea for doing this task?

  TIA for any help.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



From codebowl at gmail.com  Tue Oct 14 02:07:01 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Tue, 14 Oct 2008 02:07:01 -0400
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <91916458.20081014135726@qualityadvantages.com>
References: <91916458.20081014135726@qualityadvantages.com>
Message-ID: <D2850FE3-EEC3-4DD0-8871-48F68C6D27F5@gmail.com>

First of all you will want to index your database.  I am guessing the  
query is taking forever due to it not having indexes.

Also I would suggest that you do this

$res = ("SELECT * FROM table WHERE email = ' ". email2chk." ' ";

also I would make sure you have no duplicates in the database by  
setting a UNIQUE on the email column.

Doing these things should speed up the site however note that if you  
check this on every page load it will be resource intensive.

also what is $email2Chk is it a string or your array of emails?

Thanks,
Joseph Crawford

On Oct 14, 2008, at 1:57 AM, mikesz at qualityadvantages.com wrote:

> Hello NYPHP,
>
>  I have an array that has 13000 email addresses. For now, its in the
>  script but will be in a database table eventually. It is a list of
>  known bad guys.
>
>  I have a database table with 9000 records and one of the fields is
>  an email address.
>
>  In PHP I am using a foreach to loop through the array and do a
>  database lookup to try to find any matching emails.
>
>  I am using this query inside the foreach loop:
>
>        $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
>        $numRows = mysql_num_rows($res);
>        if ( !empty($numRows ))
>
>
>  It processes about 12000  addresses in the array and the script  
> times out.
>
>  Anyone have a better idea for doing this task?
>
>  TIA for any help.
>
> -- 
> Best regards,
> mikesz                          mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From mikesz at qualityadvantages.com  Tue Oct 14 02:15:48 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 14 Oct 2008 14:15:48 +0800
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <D2850FE3-EEC3-4DD0-8871-48F68C6D27F5@gmail.com>
References: <91916458.20081014135726@qualityadvantages.com>
	<D2850FE3-EEC3-4DD0-8871-48F68C6D27F5@gmail.com>
Message-ID: <1515155909.20081014141548@qualityadvantages.com>

Hello Joseph,

Tuesday, October 14, 2008, 2:07:01 PM, you wrote:

> First of all you will want to index your database.  I am guessing the
> query is taking forever due to it not having indexes.

> Also I would suggest that you do this

> $res = ("SELECT * FROM table WHERE email = ' ". email2chk." ' ";

> also I would make sure you have no duplicates in the database by  
> setting a UNIQUE on the email column.

> Doing these things should speed up the site however note that if you  
> check this on every page load it will be resource intensive.

> also what is $email2Chk is it a string or your array of emails?

> Thanks,
> Joseph Crawford

> On Oct 14, 2008, at 1:57 AM, mikesz at qualityadvantages.com wrote:

>> Hello NYPHP,
>>
>>  I have an array that has 13000 email addresses. For now, its in the
>>  script but will be in a database table eventually. It is a list of
>>  known bad guys.
>>
>>  I have a database table with 9000 records and one of the fields is
>>  an email address.
>>
>>  In PHP I am using a foreach to loop through the array and do a
>>  database lookup to try to find any matching emails.
>>
>>  I am using this query inside the foreach loop:
>>
>>        $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
>>        $numRows = mysql_num_rows($res);
>>        if ( !empty($numRows ))
>>
>>
>>  It processes about 12000  addresses in the array and the script  
>> times out.
>>
>>  Anyone have a better idea for doing this task?
>>
>>  TIA for any help.
>>
>> -- 
>> Best regards,
>> mikesz                          mailto:mikesz at qualityadvantages.com
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php

> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3519 (20081013) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com


$email2Chk is an array element. I thought it was but email is not
indexed. Weird, they index a lot of stuff that doesn't matter but
email is missing....

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From tmpvar at gmail.com  Tue Oct 14 02:47:14 2008
From: tmpvar at gmail.com (Elijah Insua)
Date: Mon, 13 Oct 2008 23:47:14 -0700
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <1515155909.20081014141548@qualityadvantages.com>
References: <91916458.20081014135726@qualityadvantages.com>
	<D2850FE3-EEC3-4DD0-8871-48F68C6D27F5@gmail.com>
	<1515155909.20081014141548@qualityadvantages.com>
Message-ID: <2b4feca10810132347n7c9a124bpffed00b655a662f9@mail.gmail.com>

mikez,

I would suggest you break this down a bit, for instance instead of running
13000 sql queries, do a simple look up using IN.

For example:

'SELECT * FROM table WHERE email IN ("' . implode('","',$emailsArray) . '")'

Also, selecting columns by name gives a performance boost.
(I'm also guessing that you are going to be performing an action on the
email by its id)

'SELECT email_id FROM table WHERE email in ("' . implode('","',$emailsArray)
. '")'

If this query gets too large, you can always break the loop down into
smaller increments
so instead of processing all of the email addresses at once, you could break
it into 1000
increments.

These techniques combined with the indexing should speed things up for you.

Oh and by the way, if this is running on every page load I would add some
sort of caching routine
so it only runs every 15 minutes or so.

Hope it helps!

-- Elijah Insua


On Mon, Oct 13, 2008 at 11:15 PM, <mikesz at qualityadvantages.com> wrote:

> Hello Joseph,
>
> Tuesday, October 14, 2008, 2:07:01 PM, you wrote:
>
> > First of all you will want to index your database.  I am guessing the
> > query is taking forever due to it not having indexes.
>
> > Also I would suggest that you do this
>
> > $res = ("SELECT * FROM table WHERE email = ' ". email2chk." ' ";
>
> > also I would make sure you have no duplicates in the database by
> > setting a UNIQUE on the email column.
>
> > Doing these things should speed up the site however note that if you
> > check this on every page load it will be resource intensive.
>
> > also what is $email2Chk is it a string or your array of emails?
>
> > Thanks,
> > Joseph Crawford
>
> > On Oct 14, 2008, at 1:57 AM, mikesz at qualityadvantages.com wrote:
>
> >> Hello NYPHP,
> >>
> >>  I have an array that has 13000 email addresses. For now, its in the
> >>  script but will be in a database table eventually. It is a list of
> >>  known bad guys.
> >>
> >>  I have a database table with 9000 records and one of the fields is
> >>  an email address.
> >>
> >>  In PHP I am using a foreach to loop through the array and do a
> >>  database lookup to try to find any matching emails.
> >>
> >>  I am using this query inside the foreach loop:
> >>
> >>        $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
> >>        $numRows = mysql_num_rows($res);
> >>        if ( !empty($numRows ))
> >>
> >>
> >>  It processes about 12000  addresses in the array and the script
> >> times out.
> >>
> >>  Anyone have a better idea for doing this task?
> >>
> >>  TIA for any help.
> >>
> >> --
> >> Best regards,
> >> mikesz                          mailto:mikesz at qualityadvantages.com
> >>
> >> _______________________________________________
> >> New York PHP Community Talk Mailing List
> >> http://lists.nyphp.org/mailman/listinfo/talk
> >>
> >> NYPHPCon 2006 Presentations Online
> >> http://www.nyphpcon.com
> >>
> >> Show Your Participation in New York PHP
> >> http://www.nyphp.org/show_participation.php
>
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
>
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
>
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
>
> > __________ Information from ESET Smart Security, version of virus
> > signature database 3519 (20081013) __________
>
> > The message was checked by ESET Smart Security.
>
> > http://www.eset.com
>
>
> $email2Chk is an array element. I thought it was but email is not
> indexed. Weird, they index a lot of stuff that doesn't matter but
> email is missing....
>
> --
> Best regards,
>  mikesz                            mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081013/baa39dc0/attachment.html>

From mikesz at qualityadvantages.com  Tue Oct 14 03:29:39 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 14 Oct 2008 15:29:39 +0800
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <2b4feca10810132347n7c9a124bpffed00b655a662f9@mail.gmail.com>
References: <91916458.20081014135726@qualityadvantages.com>
	<D2850FE3-EEC3-4DD0-8871-48F68C6D27F5@gmail.com>
	<1515155909.20081014141548@qualityadvantages.com>
	<2b4feca10810132347n7c9a124bpffed00b655a662f9@mail.gmail.com>
Message-ID: <14909196.20081014152939@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/3b71c247/attachment.html>

From mikesz at qualityadvantages.com  Tue Oct 14 03:41:22 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 14 Oct 2008 15:41:22 +0800
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I
	guess other forums are having similar problem too?
Message-ID: <441539530.20081014154122@qualityadvantages.com>

Hello NYPHP,

I am seeing that Registration forms are taking a huge beating from
scammers and spammers today, especially forum sites. I spend most
of my time lately collecting and filtering data to find the freaks
before they find the membership. Use to be and "every now and again"
but now its thousands per day and you can't tell now whether its a
robot or cheap labor doing the form input. Aside from my own sites
that are getting pounded daily I have several client site that average
500 badguy hits a day now and those are just the ones I have a
"known badguy" status, they are hijacking and adding new addresses
everyday, spammers mostly, all forum sites. Just unbelievable, and of
course, mustn't forget my recent episode with the porno  pirate hijacking
my server is still giving me no joy either.

Anybody else having these kinds of problems?
  
I think someone suggested (here I think) that the scammer/spammers
were using CURL to access the database directly, is that possible? If
so how, and how can that be prevented.

In the trap that I have set up, I log the contents of $_REQUEST but I
don't see anything unusual about the submission and all of a sudden
the bad guy ends up in the system as a "Registered" user bypassing all
the captcha security and "moderation" step in the approval process,
like they are accessing the database directly but I don't see any of
this database being passed in $_REQUEST? Any ideas? Or where else I
need to be looking to trap the data that is being passed?

TIA for any pointers.


-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



From glenn310b at mac.com  Tue Oct 14 08:03:02 2008
From: glenn310b at mac.com (Glenn)
Date: Tue, 14 Oct 2008 08:03:02 -0400
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <91916458.20081014135726@qualityadvantages.com>
References: <91916458.20081014135726@qualityadvantages.com>
Message-ID: <c55e8d7d793b30e134cf8b9f6057b649@mac.com>

Hi,

Getting those 13000 into the db would be a good thing.
Then you could index the email cols in both tables, and
just do a join on the tables.

In the meantime, maybe try getting ALL of the email values
from the db into an associative array, (email => 1) and looping
over an "array_key_exists". When you find a key match, THEN
look up the full record in the db.

hth,
Glenn

On Oct 14, 2008,  1:57 AM, mikesz at qualityadvantages.com wrote:

> Hello NYPHP,
>
>   I have an array that has 13000 email addresses. For now, its in the
>   script but will be in a database table eventually. It is a list of
>   known bad guys.
>
>   I have a database table with 9000 records and one of the fields is
>   an email address.
>
>   In PHP I am using a foreach to loop through the array and do a
>   database lookup to try to find any matching emails.
>
>   I am using this query inside the foreach loop:
>
>         $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
>         $numRows = mysql_num_rows($res);
>         if ( !empty($numRows ))
>
>
>   It processes about 12000  addresses in the array and the script 
> times out.
>
>   Anyone have a better idea for doing this task?
>
>   TIA for any help.
>
> -- 
> Best regards,
>  mikesz                          mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>



From sjmci at optonline.net  Tue Oct 14 08:03:02 2008
From: sjmci at optonline.net (Steve Solomon)
Date: Tue, 14 Oct 2008 08:03:02 -0400
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <91916458.20081014135726@qualityadvantages.com>
Message-ID: <005d01c92df4$cf24dee0$0200a8c0@T1400>

2 more efficient ways:

1 - mysql solution - (You will have to look up the exact syntax) -
select table1.email from table1 where table1.email in (select
table2.email from table2) into table3.  This will give you all the
matches in table3.  Table1 should both probably be indexed on email, but
you can do some testing to see if that matters.

2 - 1950's solution - create 2 sorted text files containing the email
addresses.  Then march through both in PHP, looking for matches.  

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of mikesz at qualityadvantages.com
Sent: Tuesday, October 14, 2008 1:57 AM
To: NYPHP Talk
Subject: [nycphp-talk] Timeouts ... how to get around it?


Hello NYPHP,

  I have an array that has 13000 email addresses. For now, its in the
  script but will be in a database table eventually. It is a list of
  known bad guys.

  I have a database table with 9000 records and one of the fields is
  an email address.

  In PHP I am using a foreach to loop through the array and do a
  database lookup to try to find any matching emails.

  I am using this query inside the foreach loop:

        $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
        $numRows = mysql_num_rows($res);
        if ( !empty($numRows ))


  It processes about 12000  addresses in the array and the script times
out.

  Anyone have a better idea for doing this task?

  TIA for any help.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.8.0/1720 - Release Date:
10/11/2008 3:59 PM




From rolan at omnistep.com  Tue Oct 14 09:56:55 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Tue, 14 Oct 2008 09:56:55 -0400
Subject: [nycphp-talk] Timeouts ... how to get around it?
In-Reply-To: <91916458.20081014135726@qualityadvantages.com>
References: <91916458.20081014135726@qualityadvantages.com>
Message-ID: <48F4A527.30109@omnistep.com>

mikesz at qualityadvantages.com wrote:
> Hello NYPHP,
>
>   I have an array that has 13000 email addresses. For now, its in the
>   script but will be in a database table eventually. It is a list of
>   known bad guys.
>
>   I have a database table with 9000 records and one of the fields is
> ...
>   Anyone have a better idea for doing this task?
>
>   TIA for any help.
>
>   

The previous replies are all good suggestions to help you logically 
solve the task.
If you want to avoid the timeout, put a "set_time_limit (0);" at the top 
of the script.
I try to run all these processing type scripts under the command line 
interface because some browsers, I believe, will timeout after a set 
period anyway.

~Rolan


From brianw1975 at gmail.com  Tue Oct 14 11:32:29 2008
From: brianw1975 at gmail.com (Brian Williams)
Date: Tue, 14 Oct 2008 11:32:29 -0400
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ...
	I guess other forums are having similar problem too?
In-Reply-To: <441539530.20081014154122@qualityadvantages.com>
References: <441539530.20081014154122@qualityadvantages.com>
Message-ID: <ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>

IMO registration forms should only use POST beacuse REQUEST is a
conglomerate of POST, GET, etc and is affected by the php.ini with the
variables_order and  can be  messed up and set insecurely by the host;
having said that, i do believe that cURL can do a POST. so it's not a 100%
solution to the problem.

Having said all of that -- make sure all of your forum software is up to
date with the latest patches, etc; they release those for a reason, and it's
not because they are bored.

Can you specify which forums you are having problems with?  A name might
help with other solutions and suggestions.




On Tue, Oct 14, 2008 at 3:41 AM, <mikesz at qualityadvantages.com> wrote:

> Hello NYPHP,
>
> I am seeing that Registration forms are taking a huge beating from
> scammers and spammers today, especially forum sites. I spend most
> of my time lately collecting and filtering data to find the freaks
> before they find the membership. Use to be and "every now and again"
> but now its thousands per day and you can't tell now whether its a
> robot or cheap labor doing the form input. Aside from my own sites
> that are getting pounded daily I have several client site that average
> 500 badguy hits a day now and those are just the ones I have a
> "known badguy" status, they are hijacking and adding new addresses
> everyday, spammers mostly, all forum sites. Just unbelievable, and of
> course, mustn't forget my recent episode with the porno  pirate hijacking
> my server is still giving me no joy either.
>
> Anybody else having these kinds of problems?
>
> I think someone suggested (here I think) that the scammer/spammers
> were using CURL to access the database directly, is that possible? If
> so how, and how can that be prevented.
>
> In the trap that I have set up, I log the contents of $_REQUEST but I
> don't see anything unusual about the submission and all of a sudden
> the bad guy ends up in the system as a "Registered" user bypassing all
> the captcha security and "moderation" step in the approval process,
> like they are accessing the database directly but I don't see any of
> this database being passed in $_REQUEST? Any ideas? Or where else I
> need to be looking to trap the data that is being passed?
>
> TIA for any pointers.
>
>
> --
> Best regards,
>  mikesz                          mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/d5ac0966/attachment.html>

From mikesz at qualityadvantages.com  Tue Oct 14 11:48:54 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Tue, 14 Oct 2008 23:48:54 +0800
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums
	... I guess other forums are having similar problem too?
In-Reply-To: <ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
References: <441539530.20081014154122@qualityadvantages.com>
	<ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
Message-ID: <778347011.20081014234854@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/befd94f5/attachment.html>

From brianw1975 at gmail.com  Tue Oct 14 11:58:55 2008
From: brianw1975 at gmail.com (Brian Williams)
Date: Tue, 14 Oct 2008 11:58:55 -0400
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin
	forums ... I guess other forums are having similar problem too?
In-Reply-To: <778347011.20081014234854@qualityadvantages.com>
References: <441539530.20081014154122@qualityadvantages.com>
	<ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
	<778347011.20081014234854@qualityadvantages.com>
Message-ID: <ae0c70e80810140858i65771d97v26d9e202651a8a95@mail.gmail.com>

if it has only started happening with the latest version i would check the
vBulletin forums and see if there is a fix for the bug, or to even make sure
they know about it.



On Tue, Oct 14, 2008 at 11:48 AM, <mikesz at qualityadvantages.com> wrote:

>  Hello Brian,
>
>
> Thanks for the reply...
>
>
> I only work on vBulletin and I always make sure I have the latest stuff
> installed. Earlier versions didn't have problem but since 3.7 seems like the
> badguys have found a way to just bypass the whole registration process. Like
> I said in the previous post with captcha and moderation turned on, they
> still end up in the "registered" member queue. I have not a clue how they
> got there.
>
>
> I am trapping $_REQUEST to retrieve as much as I can from the form
> submission to try to analyze what's going on, the software is indeed using
> $_POST, sorry for the miscommunication.
>
>
> --
>
> Best regards,
>
>  mikesz                            mailto:mikesz at qualityadvantages.com<mikesz at qualityadvantages.com>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/ae97dae3/attachment.html>

From joedevon at yahoo.com  Tue Oct 14 11:44:11 2008
From: joedevon at yahoo.com (Joe)
Date: Tue, 14 Oct 2008 08:44:11 -0700 (PDT)
Subject: [nycphp-talk] Dealing with forum spammers
Message-ID: <148217.98468.qm@web83601.mail.sp1.yahoo.com>

In response to the fellow having problems with forum spammer, google "Bad Behavior" and install it. 

Other ideas. 

Create a question where people have answer for example "5+2". Or forego that because it's a pain and simply add a form field that you use css to hide from humans and if that field gets filled out, then you know it's a bot and you don't let them in. Or alternatively, if they fail that test, you can pop up a captcha. You can also add some javascript which scrapers tend not to scrape, so if the javascript wasn't pulled with the page, you know it's likely a bot. 

Also add a referer requirement. Make sure the previous page to form submission came from one of your domains. If it didn't, it's likely a scammer.

Hope this helps.


      


From jcampbell1 at gmail.com  Tue Oct 14 12:03:08 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Tue, 14 Oct 2008 12:03:08 -0400
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin
	forums ... I guess other forums are having similar problem too?
In-Reply-To: <778347011.20081014234854@qualityadvantages.com>
References: <441539530.20081014154122@qualityadvantages.com>
	<ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
	<778347011.20081014234854@qualityadvantages.com>
Message-ID: <8f0676b40810140903v4852e05fp7a436dc3ff578975@mail.gmail.com>

On Tue, Oct 14, 2008 at 11:48 AM,  <mikesz at qualityadvantages.com> wrote:
> Hello Brian,
>
> Thanks for the reply...
>
> I only work on vBulletin and I always make sure I have the latest stuff
> installed. Earlier versions didn't have problem but since 3.7 seems like the
> badguys have found a way to just bypass the whole registration process. Like
> I said in the previous post with captcha and moderation turned on, they
> still end up in the "registered" member queue. I have not a clue how they
> got there.

The tools to defeat captchas are getting better and easier to use.
What is the registration process?  If it is passing a captcha and
confirming an email address, then you may be getting brute forced.
Are your forum links "no follow"?  If not, you could try taking the
incentive to spam away.

-jc


From jellicle at gmail.com  Tue Oct 14 12:07:05 2008
From: jellicle at gmail.com (Michael Sims)
Date: Tue, 14 Oct 2008 12:07:05 -0400
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin
	forums ... I guess other forums are having similar problem too?
In-Reply-To: <778347011.20081014234854@qualityadvantages.com>
References: <441539530.20081014154122@qualityadvantages.com>
	<ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
	<778347011.20081014234854@qualityadvantages.com>
Message-ID: <200810141207.05728.jellicle@gmail.com>

On Tuesday 14 October 2008, mikesz at qualityadvantages.com wrote:

> I only work on vBulletin and I always make sure I have the latest stuff
> installed. Earlier versions didn't have problem but since 3.7 seems like
> the badguys have found a way to just bypass the whole registration
> process. Like I said in the previous post with captcha and moderation
> turned on, they still end up in the "registered" member queue. I have not
> a clue how they got there.
>
> I am trapping $_REQUEST to retrieve as much as I can from the form
> submission to try to analyze what's going on, the software is indeed
> using $_POST, sorry for the miscommunication.

Through SQL injection, the bad guys need not approach through the front-door 
registration process.  Perhaps some query on a random page somewhere is 
being hijacked: Get the stupid widget from the stupid table, and oh, by the 
way, insert this new user into the registered members table.

I'm not familiar with vBulletin but if you can grep through ALL the queries 
being executed on your site, and search for the new badguy usernames that 
are being injected into your table, then you can find which query is being 
used to add them.  It need not be anywhere on the registration page.


Michael Sims



From mikesz at qualityadvantages.com  Tue Oct 14 12:25:01 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Wed, 15 Oct 2008 00:25:01 +0800
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums
	... I guess other forums are having similar problem too?
In-Reply-To: <ae0c70e80810140858i65771d97v26d9e202651a8a95@mail.gmail.com>
References: <441539530.20081014154122@qualityadvantages.com>
	<ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
	<778347011.20081014234854@qualityadvantages.com>
	<ae0c70e80810140858i65771d97v26d9e202651a8a95@mail.gmail.com>
Message-ID: <76044218.20081015002501@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081015/9f3c048e/attachment.html>

From chsnyder at gmail.com  Tue Oct 14 12:39:52 2008
From: chsnyder at gmail.com (csnyder)
Date: Tue, 14 Oct 2008 12:39:52 -0400
Subject: [nycphp-talk] Dealing with forum spammers
In-Reply-To: <148217.98468.qm@web83601.mail.sp1.yahoo.com>
References: <148217.98468.qm@web83601.mail.sp1.yahoo.com>
Message-ID: <b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>

On Tue, Oct 14, 2008 at 11:44 AM, Joe <joedevon at yahoo.com> wrote:
> In response to the fellow having problems with forum spammer, google "Bad Behavior" and install it.
>
> Other ideas.
>
> Create a question where people have answer for example "5+2". Or forego that because it's a pain and simply add a form field that you use css to hide from humans and if that field gets filled out, then you know it's a bot and you don't let them in. Or alternatively, if they fail that test, you can pop up a captcha. You can also add some javascript which scrapers tend not to scrape, so if the javascript wasn't pulled with the page, you know it's likely a bot.
>
> Also add a referer requirement. Make sure the previous page to form submission came from one of your domains. If it didn't, it's likely a scammer.
>
> Hope this helps.
>

Yeah, this is a "really hard" problem, on the order of stopping spam
from coming into your inbox.

For most sites, on most days, you can get by with a few of the hacks
suggested above. Your goal is really to make your site just different
enough that the spammers will have to rewrite their script in order to
spam you. Most will simply move on rather than do that.

But since we're developers here, we kind of need to think long-term
about the problem. The more 5+2 solutions and tarpit hidden fields
that spammers encounter over time, the smarter their scripts are going
to get. It's a classic arms race.

If I was going to write any sort of comments framework today (and that
includes web forms, or anything else that solicits input from the
anonymous web) I would design it so that everything went through a
spam filter first, and the bigger the better. Like GMail if you can
accept that from a privacy point of view, or your organization's
internal spam filter. Then, and only then, would I allow the filtered
comments/responses back into the web system.

The downside is a huge increase in complexity, and a potential lack of
transparency (false positives are a problem, and how do you train the
system?). But comment spam IS spam, they are the same problem.
Actually a little worse, because it's much easier to find comments
forms on the web than it is to find working email addresses.


Chris Snyder
http://chxor.chxo.com/


From chsnyder at gmail.com  Tue Oct 14 13:11:39 2008
From: chsnyder at gmail.com (csnyder)
Date: Tue, 14 Oct 2008 13:11:39 -0400
Subject: [nycphp-talk] Dealing with forum spammers
In-Reply-To: <b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>
References: <148217.98468.qm@web83601.mail.sp1.yahoo.com>
	<b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>
Message-ID: <b76252690810141011ub3e08cdr7286933e2ed39de7@mail.gmail.com>

On Tue, Oct 14, 2008 at 12:39 PM, csnyder <chsnyder at gmail.com> wrote:
> On Tue, Oct 14, 2008 at 11:44 AM, Joe <joedevon at yahoo.com> wrote:
>> In response to the fellow having problems with forum spammer, google "Bad Behavior" and install it.

Just looked at Bad Behavior, and it looks like an excellent tool to
add to the kit.

But really, how primitive are your spamming bots if they can't deliver
a plausible set of HTTP headers?


From sbeam at onsetcorps.net  Tue Oct 14 13:31:20 2008
From: sbeam at onsetcorps.net (sbeam)
Date: Tue, 14 Oct 2008 13:31:20 -0400
Subject: [nycphp-talk] Dealing with forum spammers
In-Reply-To: <b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>
References: <148217.98468.qm@web83601.mail.sp1.yahoo.com>
	<b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>
Message-ID: <200810141331.20385.sbeam@onsetcorps.net>

On Tuesday 14 October 2008 12:39, csnyder wrote:
> I would design it so that everything went through a
> spam filter first, and the bigger the better. Like GMail if you can
> accept that from a privacy point of view, or your organization's
> internal spam filter. Then, and only then, would I allow the filtered
> comments/responses back into the web system.
>
> The downside is a huge increase in complexity, and a potential lack of
> transparency (false positives are a problem, and how do you train the
> system?). But comment spam IS spam, they are the same problem.
> Actually a little worse, because it's much easier to find comments
> forms on the web than it is to find working email addresses.

Akismet should be mentioned here, a popular spam detection ASP, free for 
non-commercial use
http://akismet.com/

Have used it in a couple sites, easy to use API and it has a really good 
effect. False positives about 2% of the time - but you can usually see why 
it "thought" they were spam....  The admin backend has a comment log where 
moderator can manually approve where needed, similar to wordpress. 

enjoy,
Sam


From sbeam at onsetcorps.net  Tue Oct 14 13:53:25 2008
From: sbeam at onsetcorps.net (sbeam)
Date: Tue, 14 Oct 2008 13:53:25 -0400
Subject: [nycphp-talk] Dealing with forum spammers
In-Reply-To: <b76252690810141011ub3e08cdr7286933e2ed39de7@mail.gmail.com>
References: <148217.98468.qm@web83601.mail.sp1.yahoo.com>
	<b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>
	<b76252690810141011ub3e08cdr7286933e2ed39de7@mail.gmail.com>
Message-ID: <200810141353.25149.sbeam@onsetcorps.net>

On Tuesday 14 October 2008 13:11, csnyder wrote:
> Just looked at Bad Behavior, and it looks like an excellent tool to
> add to the kit.
>

hey. that looks interesting too. But it sounds 

http://www.bad-behavior.ioerror.us/documentation/how-it-works/

like it is just looking at HTTP headers? if you are running Apache is maybe 
better handled by mod_security

http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html

which does that and a whole lot more, with less overhead because it never gets 
to the request processing phase. If you are a hosting provider and have 
untrusted web apps running on it, it has to be recommended. It will deny not 
only spam bots but most w0rms and brute force attacks (false positives being 
a problem here as well though)

OTOH if you don't have root, then BB would be a good line of defense.

> But really, how primitive are your spamming bots if they can't deliver
> a plausible set of HTTP headers?

most of them are very stupid and have "Perl/LWP" in the User-Agent header for 
instance. They are no more advanced than they have to be.

Sam


From smanes at magpie.com  Tue Oct 14 15:25:53 2008
From: smanes at magpie.com (Steve Manes)
Date: Tue, 14 Oct 2008 15:25:53 -0400
Subject: [nycphp-talk] Dealing with forum spammers
In-Reply-To: <200810141331.20385.sbeam@onsetcorps.net>
References: <148217.98468.qm@web83601.mail.sp1.yahoo.com>	<b76252690810140939q68adc8efxc9b6ed1b4d137664@mail.gmail.com>
	<200810141331.20385.sbeam@onsetcorps.net>
Message-ID: <48F4F241.2050602@magpie.com>

sbeam wrote:
> Akismet should be mentioned here, a popular spam detection ASP, free for 
> non-commercial use
> http://akismet.com/

Another new entry is Mollum (www.mollum.com).  It was created by the 
lead developer of Drupal, Dries Buytaert.  It bundles up concepts from 
Akismet, Captcha, Razor and SpamAssassin (Baysian filtering) into a 
pretty effective anti-spam package.

I use it on BrooklynRowHouse.com.  It only generates a Captcha (visual 
and aural) when it's unsure.


From compustretch at gmail.com  Tue Oct 14 16:08:58 2008
From: compustretch at gmail.com (forest mars)
Date: Tue, 14 Oct 2008 16:08:58 -0400
Subject: [nycphp-talk] UNIGROUP Meeting 16-OCT-2008 (Thu): Asterisk Open
	Source PBX/Telephony System
In-Reply-To: <200810111102.m9BB24oJ001255@progplus.com>
References: <200810111102.m9BB24oJ001255@progplus.com>
Message-ID: <c2f754300810141308q52fc25c0j415e2ef46b5b9932@mail.gmail.com>

This promises to be very cool. A talk followed by a hands on lab.
And a virtual haunted house in Asterisk. This Thursday!


====================================================================
UNIGROUP OF NEW YORK - UNIX USERS GROUP - OCTOBER 2008 ANNOUNCEMENTS
====================================================================

  --------------------------------------
1. UNIGROUP'S OCTOBER 2008 MEETING NOTICE
  --------------------------------------

     When:  THURSDAY, October 16th, 2008    (** 3rd Thursday **)

    Where:  ** New Location **
            The Cooper Union  <http://www.cooper.edu>
            School of Engineering
            51 Astor Place  (8th Street, between 3rd and 4th Ave)
            East Village, Manhattan
            New York City
            Meeting Room: The Driscoll Room: 136E (1st Floor)
            ** Please RSVP **

     Time:  6:15 PM - 6:25 PM  Registration
            6:25 PM - 6:45 PM  Ask the Wizard, Questions,
                               Answers and Current Events
            6:45 PM - 7:00 PM  Unigroup Business and Announcements
            7:00 PM - 9:30 PM  Main Presentation

            --------------------------------------
    Topic:  The Asterisk Open Source PBX/Telephony System:
            From The Ground Up!
            --------------------------------------

  Speaker:  Paul Charles Leddy

  -------------------------------------------------------------------

  INTRODUCTION:
  -------------

  The Asterisk web site says: Asterisk is the world's leading open
  source telephony engine and tool kit.  This month, our speaker
  will give us a hands-on demonstration of setting up a free PBX
  (Phone System) and IVR (Interactive Voice Response) system,
  using VoIP (Voice over IP) phones and a VoIP provider (Internet
  Phone Service).

  Previously (back in the year 2000), Unigroup had presented
  the "Bayonne" Open Source Telephony Project.

  -------------------------------------------------------------------

  SPECIAL INSTRUCTIONS:
  ---------------------

  To REGISTER for this event, please RSVP by using the Unigroup
  Registration Page:
        http://www.unigroup.org/unigroup-rsvp.html

  This will allow us to automate the registration process.
  (Registration will also add you to our mailing list.)
  Please avoid emailed RSVPs.

  Please continue to check the Unigroup web site and meeting page,
  for any last minute updates concerning this meeting.  If you
  registered for this meeting, please check your email for any last
  minute announcements as the meeting approaches.  Also make sure
  any anti-spam white-lists are updated to _ALLOW_ Unigroup traffic!
  If you block Unigroup Emails, your address will be dropped from
  our mailing list.

  Please RSVP as soon as possible, preferably at least 2-3 days
  prior to the meeting date, so we can plan the food order.
  RSVP deadline is usually the night before the meeting day.

  Note: RSVP is requested for this location to make sure the guard
        will let you into the building.  RSVP also helps us to
        properly plan the meeting (food, drinks, handouts,
        seating, etc.) and speed up your sign-in at the meeting.
        If you forget to RSVP prior to the meeting day, you may
        still be able to show up and attend our meeting, however,
        we cannot guarantee what building security will do if
        you are "not on the list".

  -------------------------------------------------------------------

  MAIN PRESENTATION
  -----------------

  Topic: The Asterisk Open Source PBX/Telephony System:
         From The Ground Up!

  We'll compile the code and start up the asterisk server.  Then
  hook up a couple of phones so we can make an internal PBX call.
  From there, we'll register with a VoIP provider and make
  a real call to someone in the audience.  Last, we can also build
  a basic voice response system to make a virtual "haunted house"
  for this coming October 31st.

  Outline for the Talk:

   - About The Asterisk Project
   - Getting the code and compiling it
   - Basic configuration
   - Setting up phone extensions
   - Registering a SIP phone
   - Making an internal call
   - Registering with a VoIP service
   - Calling an outside line, receiving a call from an outside line
   - Basic call routing and IVR (Interactive Voice Response)
   - (Helping people get a system up and running on their laptops)


  Web Resources:
  --------------

  Asterisk
    http://www.asterisk.org/

  -------------------------------------------------------------------

  Speaker Biography:
  ------------------

  Paul Charles Leddy has been a Linux Systems Administrator for about
  10 years.  The story of how he got involved with computer telephony
  is: "Dreaming of voice over the Internet since circa '96, when
  Paul heard about Mark Spencer's Asterisk, he just had to get it up
  and running.  He downloaded the code onto his Mac laptop and had a
  dial tone within minutes: Wow!  Since then, he has gone on to
  implement a few phone extensions, Interactive Voice Response
  playhouses, hooked up to a real live VoIP service or two, like
  Junction Networks and VoipJet, and helped friends and family
  discover the wonderful world of cheap talk, walking the walk."

  -------------------------------------------------------------------

  Company Biography:
  ------------------

  Paul Charles Leddy is available for help and consultations.

  -------------------------------------------------------------------

  Giveaways:
  ----------

  Addison-Wesley Professional/Prentice Hall PTR has been kind
  enough to provide us with some of their books, which we will
  continue to raffle off as giveaways at our meetings.

  O'Reilly has been kind enough to provide us with some of their
  books, which we will continue to raffle off as giveaways at our
  meetings.

  Unigroup would like to thank both companies for the support
  provided by their User Group programs.

  Note: The chances tend to be about 1 in 5, that any attendee of
  our meeting will walk away with a fairly valuable giveaway
  (ie. most books are valued between $30 and $60)!

  As always, all of the books will be available for review at the
  start of the meeting.

  -------------------------------------------------------------------

  Fee Schedule:
  -------------

  Unigroup is a Professional Technical Organization and User Group,
  and its members pay a yearly membership fee.  For Unigroup members,
  there is usually no additional charges (ie. no meeting fees) during
  their membership year.  Non-members who wish to attend Unigroup
  meetings are usually required to pay a "Single Meeting Fee".

      Yearly Membership (includes all meetings):      $ 50.00
      Student Yearly Membership (with current ID):    $ 25.00
      Non-Member Single Meeting:                      $ 20.00
      Non-Member Student Single Meeting (with ID):    $  5.00

    * Payment Methods: Cash, Check, American Express.

  NOTE: Simply receiving Unigroup Email Announcements does NOT
        indicate membership in Unigroup.

  -------------------------------------------------------------------

  Food:
  -----

  Complimentary Food and Refreshments will be served.  This
  includes "wraps" such as turkey, roast beef, chicken, tuna
  and grilled vegetables as well as assorted salads (potato,
  tossed, pasta, etc), cookies, brownies, bottled water and
  assorted SOFT beverages.

  ** Note: We will be using our normal caterer for this meeting.

  -------------------------------------------------------------------

  Directions:
  -----------

     The Cooper Union  <http://www.cooper.edu>
     School of Engineering
     51 Astor Place  (8th Street, between 3rd and 4th Ave)
     East Village, Manhattan
     New York City
     Room: The Driscoll Room: 136E (1st Floor)

  Located on the North side of Astor Place (8th Street), between
    3rd & 4th Avenues.

  Building lobby sign-in is required at the guard's desk.
  Enter the building, check in with the guard at the lobby for
    directions to The Driscoll Room (1st Floor)...  From the
    main entrance, keep going straight beyond the guard till the
    end of the hall, make a left, pass the elevators (on your
    left), keep going, and Room 136E will be on your right.

  Nearest mass transit stations are:
    '6'           to Astor Place (stops right at The Cooper Union).
    'R'           to 8th Street, then walk about 2 blocks East.
    '4/5/6/R/N/Q' to Union Square, then walk South and East.
    'B/D/F/V'     to Broadway-Lafayette, then walk North and East.

  We believe free street parking becomes available at 6pm.

  -----

  Please mark this meeting on your calendar and join us!
  Please tell your friends about Unigroup!

----------------------------------------------------------------------------
----------------------------------------------------------------------------

  --------------
2. PRIOR MEETINGS
  --------------

  ** Formal Thank You's to our previous speakers will appear
     in an upcoming announcement.

----------------------------------------------------------------------------
----------------------------------------------------------------------------

  -----------------
3. UPCOMING MEETINGS
  -----------------

  We have a series of meetings in the works:

  - 16-OCT-2008: The Asterisk Open Source PBX/Telephony System
  - 20-NOV-2008: Solaris (with OpenSolaris) Launch Meeting (Field Trip: Sun)
  - 15-JAN-2009: Linux Real-Time Messaging (Tervela)
  -        2009: The FreeBSD Networking Stack (George Neville-Neil)
  -    MAR-2009: SuSE Linux Real-Time Kernel (Field Trip: Novell/SuSE)
  - Planning: IPsec and IPv6 and VPNs  (possibly 3 meetings)
  - Planning: NO SPAM!
  - Planning: Embedded Linux Development
  - Planning: Unix/Linux/BSD Distribution Round Table Discussions
  - Unix/Linux/BSD Clusters and Clustered Databases
  - The latest on *BSD (NetBSD/OpenBSD)
  - Crypto / PKI / GPG-PGP
  - Patching and Updating Unix/Linux/BSD (rpm. yum, yast, etc.)
  - Building Custom Kernels Unix/Linux/BSD
  - Are there too many Linux Distributions?
  - Linux Clustering Part 3: Beowulf
  - Building a Firewall using FreeBSD and Linux
  - LAMP Part 2 - PHP
  - Field Trip to HP
  - Unix 35th Birthday Celebration (Sun has offered to host this!)
  - Samba
  - DNS
  - High Performance Internet Servers / Web Acceleration
  - Unix Office Tools: Word Processors, Spreadsheets, Accounting Packages.
  - GNU Development Environments
  - iSCSI, Serial ATA, and other new peripheral technologies
  - Java and/or JavaScript Programming

  ** Unigroup Needs Speakers!!
  Please let us know about any other meeting topics that you may be
  interested in.  Potential speakers on Unix/Linux/BSD related
  technology topics should please contact the Unigroup Board.

----------------------------------------------------------------------------
----------------------------------------------------------------------------

  --------------------
4. UNIGROUP INFORMATION
  --------------------

  Unigroup is one of the oldest and largest Unix User's Groups serving
  the Greater New York City Regional Area since the early 1980s.
  Unigroup is a not-for-profit, vendor-neutral and member funded
  volunteer organization.  Unigroup holds regular and special event
  meetings throughout the year on technical topics relating to Unix
  and the Unix/Linux/BSD User Community.

  Unigroup holds regular meetings planned for (at a minimum) the Third
  THURSDAY of Odd Months.  We generally try to hold Field Trip or
  Vendor Specific Meetings on the Even Months, although we do have the
  ability to hold monthly meetings at our new downtown meeting location.

  Planned regular meeting dates are (usually 3rd Thursdays):
    10/16/2008, 11/20/2008 (Field Trip), 1/15/2009, 3/19/2009 (Field
Trip)...
  Watch for our Special Event meetings at the various trade shows in NYC
  as well as "Field Trips" to the facilities of local hardware and
  software vendors.

  =========================================================================
  = For Unigroup Information, Events and Meeting Announcements be sure to =
  = visit our World Wide Web Home Page:                                   =
  =       http://www.unigroup.org                                         =
  =========================================================================

  For further information or to get on the Unigroup Electronic Mail Mailing
  List send an EMail message to:
       unilist (-a_t-) unigroup.org

  To contact the Board of Directors of Unigroup, send an EMail message to:
       uniboard (-a_t-) unigroup.org

  If you have recently attended a meeting and you are not receiving
  Email announcements, please send us an Email and we will make
  corrections to our lists.

  Please Email the Board with any suggestions, especially potential
  meeting topics and speakers.  Unigroup welcomes contributions and
  content suggestions for our newsletter.  Unigroup is a volunteer
  organization and we need your assistance!  Please let us know if you
  can help!

----------------------------------------------------------------------------
----------------------------------------------------------------------------

-Rob Weiner
 Unigroup Executive Director
 unilist (-a_t-) unigroup.org
 http://www.unigroup.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/28ddd88d/attachment.html>

From joedevon at yahoo.com  Tue Oct 14 15:45:16 2008
From: joedevon at yahoo.com (Joe)
Date: Tue, 14 Oct 2008 12:45:16 -0700 (PDT)
Subject: [nycphp-talk] Re: talk Digest, Vol 24, Issue 15
Message-ID: <381630.50590.qm@web83604.mail.sp1.yahoo.com>

I'm not used to working through lists. Just started. The other one I use they have a reply-to on the individual message so the subject get's appended. How do you guys get the "re" in the subject line?

Anyway, I'm responding to the forum spammer thread. These days, if you put some energy into it, you can reduce spam to just a few a day or less. And using these methods will likely improve your ranking on google and reduce your bandwidth bill, but indeed it's an arms race. Also, I agree Akismet is great btw...




      


From brianw1975 at gmail.com  Tue Oct 14 19:14:07 2008
From: brianw1975 at gmail.com (Brian Williams)
Date: Tue, 14 Oct 2008 19:14:07 -0400
Subject: [nycphp-talk] Re: talk Digest, Vol 24, Issue 15
In-Reply-To: <381630.50590.qm@web83604.mail.sp1.yahoo.com>
References: <381630.50590.qm@web83604.mail.sp1.yahoo.com>
Message-ID: <ae0c70e80810141614x413abecbvc6cb6c085b680ac7@mail.gmail.com>

it would appear that your "problems" are arrising from the use of the Digest
volume.

I've been on many a list in my day and the Digest version always breaks a
message thread.

If you continue to use the digest, you would probably be best off to copy
the message that you are replying to into your email *above* your response.




On Tue, Oct 14, 2008 at 3:45 PM, Joe <joedevon at yahoo.com> wrote:

> I'm not used to working through lists. Just started. The other one I use
> they have a reply-to on the individual message so the subject get's
> appended. How do you guys get the "re" in the subject line?
>
> Anyway, I'm responding to the forum spammer thread. These days, if you put
> some energy into it, you can reduce spam to just a few a day or less. And
> using these methods will likely improve your ranking on google and reduce
> your bandwidth bill, but indeed it's an arms race. Also, I agree Akismet is
> great btw...
>
>
>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/cf843f04/attachment.html>

From zippy1981 at gmail.com  Tue Oct 14 19:23:45 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Tue, 14 Oct 2008 19:23:45 -0400
Subject: [nycphp-talk] Re: talk Digest, Vol 24, Issue 15
In-Reply-To: <ae0c70e80810141614x413abecbvc6cb6c085b680ac7@mail.gmail.com>
References: <381630.50590.qm@web83604.mail.sp1.yahoo.com>
	<ae0c70e80810141614x413abecbvc6cb6c085b680ac7@mail.gmail.com>
Message-ID: <5458db3c0810141623o719b9fe9ud434d858ee360077@mail.gmail.com>

On Tue, Oct 14, 2008 at 7:14 PM, Brian Williams <brianw1975 at gmail.com> wrote:
> I've been on many a list in my day and the Digest version always breaks a
> message thread.

Yeah, digests are bad, unless you are sure you will always be read
only. I wonder if some of the list indexing services like nabble allow
you to write a message to the list.


From tgales at tgaconnect.com  Thu Oct 16 16:28:27 2008
From: tgales at tgaconnect.com (Tim Gales)
Date: Thu, 16 Oct 2008 16:28:27 -0400
Subject: [nycphp-talk] prospectus or offering
Message-ID: <48F7A3EB.2080900@tgaconnect.com>

Raf, 

On the phone we talked and I said it would be be helpful
to get the prospectus which Knollwood offers to their
clients. In other words, what they offered the clients.

You said did I mean the something something memorandum
(I think you said the Private Placement Memorandum)

Now if we can get the binding agreement that would be
even better. But what I thought we would go over
at the meeting with Dave (the one that Pete couldn't get to)
was what Knollwood has already promised to the end clients
 in general  terms.

-- Tim G.







From level3 at nyc.rr.com  Thu Oct 16 16:39:18 2008
From: level3 at nyc.rr.com (Gene Costanza)
Date: Thu, 16 Oct 2008 16:39:18 -0400
Subject: [nycphp-talk] prospectus or offering
In-Reply-To: <48F7A3EB.2080900@tgaconnect.com>
Message-ID: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA>

Is this for public knowledge?

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Tim Gales
Sent: Thursday, October 16, 2008 16:28
To: NYPHP Talk
Subject: [nycphp-talk] prospectus or offering


Raf, 

On the phone we talked and I said it would be be helpful
to get the prospectus which Knollwood offers to their
clients. In other words, what they offered the clients.

You said did I mean the something something memorandum
(I think you said the Private Placement Memorandum)

Now if we can get the binding agreement that would be
even better. But what I thought we would go over
at the meeting with Dave (the one that Pete couldn't get to) was what
Knollwood has already promised to the end clients  in general  terms.

-- Tim G.





_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



From ashaw at polymerdb.org  Thu Oct 16 16:49:10 2008
From: ashaw at polymerdb.org (Allen Shaw)
Date: Thu, 16 Oct 2008 15:49:10 -0500
Subject: [nycphp-talk] prospectus or offering
In-Reply-To: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA>
References: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA>
Message-ID: <48F7A8C6.9050807@polymerdb.org>

Gene Costanza wrote:
> Is this for public knowledge?
>   
It is now.

-- 
Allen Shaw
slidePresenter (http://slides.sourceforge.net)



From chsnyder at gmail.com  Thu Oct 16 22:05:55 2008
From: chsnyder at gmail.com (csnyder)
Date: Thu, 16 Oct 2008 22:05:55 -0400
Subject: [nycphp-talk] prospectus or offering
In-Reply-To: <48F7A8C6.9050807@polymerdb.org>
References: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA>
	<48F7A8C6.9050807@polymerdb.org>
Message-ID: <b76252690810161905n355ee777g3b242d977c9e2eed@mail.gmail.com>

On Thu, Oct 16, 2008 at 4:49 PM, Allen Shaw <ashaw at polymerdb.org> wrote:
> Gene Costanza wrote:
>>
>> Is this for public knowledge?
>>
>
> It is now.
>

Open source, baby.


From ps at sun-code.com  Fri Oct 17 06:03:00 2008
From: ps at sun-code.com (Peter Sawczynec)
Date: Fri, 17 Oct 2008 06:03:00 -0400
Subject: [nycphp-talk] Thumb Drive Runs Linux OS or Firefox or Open Office
Message-ID: <000501c9303f$8a615fc0$9f241f40$@com>

http://www.informationweek.com/news/storage/reviews/showArticle.jhtml?ar
ticleID=210602269 

 

This article "12 Tricks to Teach Your Thumb Drive" includes info on how
to run apps or an extra OS off a thumb drive. Then use the thumb to
carry a work environment to remote locations. Also, explains a method to
bring a browser with you so you can surf privately and plausibly leave
no tracks at all. 

 

Very occasionally I post a tech article to this list that I believe
could be generally valuable to a PHP programmer.  All very interesting.

 

Warmest regards, 

 

Peter Sawczynec 

Technology Dir.

Sun-code Interactive

Sun-code.com 

941.893.0396

 <mailto:ps at sun-code.com> ps at sun-code.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081017/bd863168/attachment.html>

From mikesz at qualityadvantages.com  Fri Oct 17 07:14:00 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Fri, 17 Oct 2008 19:14:00 +0800
Subject: [nycphp-talk] accessibility issue, how to solve?
Message-ID: <427215754.20081017191400@qualityadvantages.com>

Hello NYPHP,

I know I am going to get some heat for this one but here goes...

Let me preface this by definitively stating that I am categorically
NOT making a request for information on how to hack into a system.
This is a legitimate programming problem that I am trying to solve.

I have a situation where a visually impaired user needs to pass his
username and password to a forum via a php script (preferably) for obvious
reasons he can not physically pass the info himself. He is using a text
reader software so once he is logged in to the forum at least he is able to
participate or a least read the contents of the threads.

The Forum Software provider has been pretty proactive in coding
"injection prevention" methods so passing the username and password
via a script may not be possible.

Any accessibility experts got any suggestions on how to solve this
problem.

TIA for any help.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



From rolan at omnistep.com  Fri Oct 17 08:20:37 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Fri, 17 Oct 2008 08:20:37 -0400
Subject: [nycphp-talk] accessibility issue, how to solve?
In-Reply-To: <427215754.20081017191400@qualityadvantages.com>
References: <427215754.20081017191400@qualityadvantages.com>
Message-ID: <48F88315.6080004@omnistep.com>

mikesz at qualityadvantages.com wrote:
> Hello NYPHP,
>
> I know I am going to get some heat for this one but here goes...
>
> Let me preface this by definitively stating that I am categorically
> NOT making a request for information on how to hack into a system.
> This is a legitimate programming problem that I am trying to solve.
>
> I have a situation where a visually impaired user needs to pass his
> username and password to a forum via a php script (preferably) for obvious
> reasons he can not physically pass the info himself. He is using a text
> reader software so once he is logged in to the forum at least he is able to
> participate or a least read the contents of the threads.
>
> The Forum Software provider has been pretty proactive in coding
> "injection prevention" methods so passing the username and password
> via a script may not be possible.
>
> Any accessibility experts got any suggestions on how to solve this
> problem.
>
> TIA for any help.
>
>   
Don't have enough information. The injection countermeasures employed by 
the forum website need to be examined. In the simplest case, a Curl 
request might suffice.  There might be some javascript "challenge" 
computation task or a captcha that would make things more difficult. If 
possible, I think the easier solution would be to have his browser 
"remember" the login and password. :)


~Rolan


From mikesz at qualityadvantages.com  Fri Oct 17 09:01:16 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Fri, 17 Oct 2008 21:01:16 +0800
Subject: [nycphp-talk] accessibility issue, how to solve?
In-Reply-To: <48F88315.6080004@omnistep.com>
References: <427215754.20081017191400@qualityadvantages.com>
	<48F88315.6080004@omnistep.com>
Message-ID: <19510351101.20081017210116@qualityadvantages.com>

Hello Rolan,

Friday, October 17, 2008, 8:20:37 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>> Hello NYPHP,
>>
>> I know I am going to get some heat for this one but here goes...
>>
>> Let me preface this by definitively stating that I am categorically
>> NOT making a request for information on how to hack into a system.
>> This is a legitimate programming problem that I am trying to solve.
>>
>> I have a situation where a visually impaired user needs to pass his
>> username and password to a forum via a php script (preferably) for obvious
>> reasons he can not physically pass the info himself. He is using a text
>> reader software so once he is logged in to the forum at least he is able to
>> participate or a least read the contents of the threads.
>>
>> The Forum Software provider has been pretty proactive in coding
>> "injection prevention" methods so passing the username and password
>> via a script may not be possible.
>>
>> Any accessibility experts got any suggestions on how to solve this
>> problem.
>>
>> TIA for any help.
>>
>>   
> Don't have enough information. The injection countermeasures employed by
> the forum website need to be examined. In the simplest case, a Curl 
> request might suffice.  There might be some javascript "challenge" 
> computation task or a captcha that would make things more difficult. If
> possible, I think the easier solution would be to have his browser 
> "remember" the login and password. :)


> ~Rolan
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3530 (20081017) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com

thanks for the reply.

That works "after" you have done the first login but if the browser
cache get cleared for what ever reason you still have to pass the
username and password somehow. I agree with the idea but I still have
to get that initial login to be automated.

The forum has a multistep compare of md5(password) + seed with stored
password in the db.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From nynj.tech at hotmail.com  Fri Oct 17 14:40:27 2008
From: nynj.tech at hotmail.com (chad qian)
Date: Fri, 17 Oct 2008 14:40:27 -0400
Subject: [nycphp-talk] problem with localhost connection,MAMP
Message-ID: <BLU126-W349A0AB08191C3B569E80AE8320@phx.gbl>


I am working on a mac.I have MAMP installed. This is the apache mysql php combination.I try http://localhost/Applications/MAMP/htdocs/test.php and http://localhost/test.phpI believe apache is running. When I type or paste the above paths in my firefox browser I get this error message:The connection was refused when attempting to contact localhost.
 
Any idea?
 
Thnaks!
 
chad
_________________________________________________________________
Stay organized with simple drag and drop from Windows Live Hotmail.
http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_102008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081017/c759ceed/attachment.html>

From level3 at nyc.rr.com  Fri Oct 17 14:45:51 2008
From: level3 at nyc.rr.com (Gene Costanza)
Date: Fri, 17 Oct 2008 14:45:51 -0400
Subject: [nycphp-talk] problem with localhost connection,MAMP
In-Reply-To: <BLU126-W349A0AB08191C3B569E80AE8320@phx.gbl>
Message-ID: <8EDBF553C877446DA58B2C301869E485@NATASHA>

Specify your URL in a conf

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of chad qian
Sent: Friday, October 17, 2008 14:40
To: talk at lists.nyphp.org
Subject: [nycphp-talk] problem with localhost connection,MAMP


I am working on a mac.
I have MAMP installed. This is the apache mysql php combination.I try 
http://localhost/Applications/MAMP/htdocs/test.php and
http://localhost/test.php
I believe apache is running. 
When I type or paste the above paths in my firefox browser I get this error
message:
The connection was refused when attempting to contact localhost.
 
Any idea?
 
Thnaks!
 
chad


  _____  

Stay organized with simple drag and drop from Windows Live Hotmail. Try it
<http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_102008>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081017/2b14f246/attachment.html>

From brianw1975 at gmail.com  Fri Oct 17 15:16:22 2008
From: brianw1975 at gmail.com (Brian Williams)
Date: Fri, 17 Oct 2008 15:16:22 -0400
Subject: [nycphp-talk] problem with localhost connection,MAMP
In-Reply-To: <BLU126-W349A0AB08191C3B569E80AE8320@phx.gbl>
References: <BLU126-W349A0AB08191C3B569E80AE8320@phx.gbl>
Message-ID: <ae0c70e80810171216l127c0af5n90f5d788972d1bd3@mail.gmail.com>

a) make sure MAMP has Apache active/started

b) make sure you have MAMP set to listen to port 80 or if you can't do that
alter your URL to http://localhost:8888/test.php

c) make sure any firewall you have allows connection to localhost on port
8888 or 80 depending on what you do above


I figure the most likely reason is #a or #b




On Fri, Oct 17, 2008 at 2:40 PM, chad qian <nynj.tech at hotmail.com> wrote:

>  I am working on a mac.
> I have MAMP installed. This is the apache mysql php combination.I try
> http://localhost/Applications/MAMP/htdocs/test.php and
> http://localhost/test.php
> I believe apache is running.
> When I type or paste the above paths in my firefox browser I get this error
> message:
> The connection was refused when attempting to contact localhost.
>
> Any idea?
>
> Thnaks!
>
> chad
>
> ------------------------------
> Stay organized with simple drag and drop from Windows Live Hotmail. Try it<http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_102008>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081017/db54eea6/attachment.html>

From mikesz at qualityadvantages.com  Sun Oct 19 02:34:34 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sun, 19 Oct 2008 14:34:34 +0800
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <48EAB70D.1080208@omnistep.com>
References: <1333632725.20081007090332@qualityadvantages.com>
	<48EAB70D.1080208@omnistep.com>
Message-ID: <415910423.20081019143434@qualityadvantages.com>

Hello Rolan,

Tuesday, October 7, 2008, 9:10:37 AM, you wrote:

> Put the timestamp of when the page was first served as a hidden variable
> in the form. Then compare it to the time when it was submitted (after 
> completed).

> <input type="hidden" name="served" value="<?=time()?>">

> ~Rolan

> mikesz at qualityadvantages.com wrote:
>> Hello NYPHP,
>>
>> Greetings to All,
>>
>> I need to time how long it takes to fill out a registration form, from
>> when it is called to submission. I am trying to compare the time frame difference
>> between the form being manually filled out versus an automated script.
>>
>> Any ideas or direction about how to do this would be enormously
>> appreciated.
>>
>>   
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3497 (20081006) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com

Update: I just discovered that the "robot" that is accessing and
spamming my sites it XRumer. It hacks into gmail, gets a valid gmail
account then it registers and spams as many Forum sites as it can find
to "plant" illicit links so it can exploit google's PR system.

Anyone know of an anti-XRumer script or detector?

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From mikesz at qualityadvantages.com  Sun Oct 19 02:37:34 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sun, 19 Oct 2008 14:37:34 +0800
Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums
	... I guess other forums are having similar problem too?
In-Reply-To: <76044218.20081015002501@qualityadvantages.com>
References: <441539530.20081014154122@qualityadvantages.com>
	<ae0c70e80810140832h740deb3eqf2d010e998eff3d8@mail.gmail.com>
	<778347011.20081014234854@qualityadvantages.com>
	<ae0c70e80810140858i65771d97v26d9e202651a8a95@mail.gmail.com>
	<76044218.20081015002501@qualityadvantages.com>
Message-ID: <958454217.20081019143734@qualityadvantages.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081019/0cb2a824/attachment.html>

From mikesz at qualityadvantages.com  Sun Oct 19 02:44:19 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Sun, 19 Oct 2008 14:44:19 +0800
Subject: [nycphp-talk] accessibility issue, how to solve?
In-Reply-To: <427215754.20081017191400@qualityadvantages.com>
References: <427215754.20081017191400@qualityadvantages.com>
Message-ID: <1314806234.20081019144419@qualityadvantages.com>

Hello mikesz,

Friday, October 17, 2008, 7:14:00 PM, you wrote:

> Hello NYPHP,

> I know I am going to get some heat for this one but here goes...

> Let me preface this by definitively stating that I am categorically
> NOT making a request for information on how to hack into a system.
> This is a legitimate programming problem that I am trying to solve.

> I have a situation where a visually impaired user needs to pass his
> username and password to a forum via a php script (preferably) for obvious
> reasons he can not physically pass the info himself. He is using a text
> reader software so once he is logged in to the forum at least he is able to
> participate or a least read the contents of the threads.

> The Forum Software provider has been pretty proactive in coding
> "injection prevention" methods so passing the username and password
> via a script may not be possible.

> Any accessibility experts got any suggestions on how to solve this
> problem.

> TIA for any help.


I got only one reply to this post. I solved the problem with a simple html
form and a javascript submit so that the blind person that needed the
access just needs to click on an html link if anyone was interested.
The script runs on the local computer and automatically logs them into
their account much like a keystroke capture program would do.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From level3 at nyc.rr.com  Sun Oct 19 06:28:43 2008
From: level3 at nyc.rr.com (Gene Costanza)
Date: Sun, 19 Oct 2008 06:28:43 -0400
Subject: [nycphp-talk] accessibility issue, how to solve?
In-Reply-To: <1314806234.20081019144419@qualityadvantages.com>
Message-ID: <0F57BA3969E84C0BB034E732A123271F@XPPro>

mikez,

Can you top post when you reply please? It's difficult to read a reply when
you have to scroll down 200 lines, then scroll back up to refer to the
original. Thanks...



>>>-----Original Message-----
>>>From: talk-bounces at lists.nyphp.org 
>>>[mailto:talk-bounces at lists.nyphp.org] On Behalf Of 
>>>mikesz at qualityadvantages.com
>>>Sent: Sunday, October 19, 2008 2:44 AM
>>>To: NYPHP Talk
>>>Subject: Re: [nycphp-talk] accessibility issue, how to solve?
>>>
>>>
>>>Hello mikesz,
>>>
>>>Friday, October 17, 2008, 7:14:00 PM, you wrote:
>>>
>>>> Hello NYPHP,
>>>
>>>> I know I am going to get some heat for this one but here goes...
>>>
>>>> Let me preface this by definitively stating that I am 
>>>categorically 
>>>> NOT making a request for information on how to hack into a system. 
>>>> This is a legitimate programming problem that I am trying to solve.
>>>
>>>> I have a situation where a visually impaired user needs to 
>>>pass his 
>>>> username and password to a forum via a php script (preferably) for 
>>>> obvious reasons he can not physically pass the info himself. He is 
>>>> using a text reader software so once he is logged in to 
>>>the forum at 
>>>> least he is able to participate or a least read the 
>>>contents of the 
>>>> threads.
>>>
>>>> The Forum Software provider has been pretty proactive in coding 
>>>> "injection prevention" methods so passing the username and 
>>>password 
>>>> via a script may not be possible.
>>>
>>>> Any accessibility experts got any suggestions on how to solve this 
>>>> problem.
>>>
>>>> TIA for any help.
>>>
>>>
>>>I got only one reply to this post. I solved the problem with 
>>>a simple html form and a javascript submit so that the blind 
>>>person that needed the access just needs to click on an html 
>>>link if anyone was interested. The script runs on the local 
>>>computer and automatically logs them into their account much 
>>>like a keystroke capture program would do.
>>>
>>>-- 
>>>Best regards,
>>> mikesz                            
>>>mailto:mikesz at qualityadvantages.com
>>>
>>>_______________________________________________
>>>New York PHP Community Talk Mailing List 
>>>http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>>NYPHPCon 2006 Presentations Online
>>>http://www.nyphpcon.com
>>>
>>>Show Your Participation in New York PHP 
>>>http://www.nyphp.org/show_participation.php
>>>




From rolan at omnistep.com  Sun Oct 19 07:41:56 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Sun, 19 Oct 2008 07:41:56 -0400
Subject: [nycphp-talk] Timing an Input Form Entry
In-Reply-To: <415910423.20081019143434@qualityadvantages.com>
References: <1333632725.20081007090332@qualityadvantages.com>	<48EAB70D.1080208@omnistep.com>
	<415910423.20081019143434@qualityadvantages.com>
Message-ID: <48FB1D04.3070501@omnistep.com>

mikesz at qualityadvantages.com wrote:
> Update: I just discovered that the "robot" that is accessing and
> spamming my sites it XRumer. It hacks into gmail, gets a valid gmail
> account then it registers and spams as many Forum sites as it can find
> to "plant" illicit links so it can exploit google's PR system.
>
> Anyone know of an anti-XRumer script or detector?
>
>   
Forum spamming is a typical problem. To stop that, you need to burden 
your users with a captcha upon registration, or if you don't require 
users to register, then burden them with a captcha upon each posting. I 
suppose if you code up your own exotic form submit scheme (maybe through 
javascript/ajax?) the bots may skip scanning your forms and move onto 
lower hanging fruit.

~Rolan


From jusheehy at vassar.edu  Wed Oct 22 07:54:05 2008
From: jusheehy at vassar.edu (Julia Sheehy)
Date: Wed, 22 Oct 2008 07:54:05 -0400
Subject: [nycphp-talk] RFC -- Lever Voting System
Message-ID: <48FF145D.60001@vassar.edu>


A neighbor sent me a link which I actually opened this morning (usually 
not)  and I was surprised I'd never heard about the backlash against the 
push to move to computerized voting.  I guess in my geeky little world, 
it never occurred to me that people would object so strongly solely on 
the basis of security, I had thought the alienation of voters who were 
not comfortable using technology would be the chief complaint.

What is your take?  -- the link my neighbor sent:    
http://www.electiondefensealliance.org/save_ny_levers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jusheehy.vcf
Type: text/x-vcard
Size: 474 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081022/f2ff5d17/attachment.vcf>

From randalrust at gmail.com  Wed Oct 22 08:02:55 2008
From: randalrust at gmail.com (Randal Rust)
Date: Wed, 22 Oct 2008 08:02:55 -0400
Subject: [nycphp-talk] RFC -- Lever Voting System
In-Reply-To: <48FF145D.60001@vassar.edu>
References: <48FF145D.60001@vassar.edu>
Message-ID: <a9caffe50810220502o5a0f73f7t43254c65181068a@mail.gmail.com>

On Wed, Oct 22, 2008 at 7:54 AM, Julia Sheehy <jusheehy at vassar.edu> wrote:

> What is your take?  -- the link my neighbor sent:
>  http://www.electiondefensealliance.org/save_ny_levers

Obviously way OT, but the more I think about this, the more I am
convinced that the Presidential election should be a one-week event,
and that should be the only thing that is voted on. You go in the
booth and push one button. Plain and simple. It gets rid of this early
voting nonsense, along with hanging chads and the like.

-- 
Randal Rust
R.Squared Communications
www.r2communications.com
614-370-0036


From codebowl at gmail.com  Wed Oct 22 11:49:14 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 11:49:14 -0400
Subject: [nycphp-talk] [OT] - Politics.com
Message-ID: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>

I know this is not entirely on topic but I thought I would share this  
with you.

Today at 3PM EST a site that I have been working on over the last few  
months is going to go live.

http://www.politics.com/  - If you are political please come check out  
what has been keeping me busy over the last few months.

Thanks,
--
Joseph Crawford
Zend Certified Engineer
http://www.josephcrawford.com/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081022/2689b204/attachment.html>

From dsteplight at gmail.com  Wed Oct 22 11:52:57 2008
From: dsteplight at gmail.com (Darryle Steplight)
Date: Wed, 22 Oct 2008 11:52:57 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
Message-ID: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>

Hey Joe,
    Looks like I need a username and password :)

On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford <codebowl at gmail.com> wrote:
> I know this is not entirely on topic but I thought I would share this with
> you.
> Today at 3PM EST a site that I have been working on over the last few months
> is going to go live.
> http://www.politics.com/  - If you are political please come check out what
> has been keeping me busy over the last few months.
> Thanks,
> --
> Joseph Crawford
> Zend Certified Engineer
> http://www.josephcrawford.com/
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From matt at atopia.net  Wed Oct 22 11:54:31 2008
From: matt at atopia.net (Matt Juszczak)
Date: Wed, 22 Oct 2008 11:54:31 -0400 (EDT)
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
Message-ID: <20081022115425.U72131@mercury.atopia.net>

I think he means check it out @ 3 PM :)

On Wed, 22 Oct 2008, Darryle Steplight wrote:

> Hey Joe,
>    Looks like I need a username and password :)
>
> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford <codebowl at gmail.com> wrote:
>> I know this is not entirely on topic but I thought I would share this with
>> you.
>> Today at 3PM EST a site that I have been working on over the last few months
>> is going to go live.
>> http://www.politics.com/  - If you are political please come check out what
>> has been keeping me busy over the last few months.
>> Thanks,
>> --
>> Joseph Crawford
>> Zend Certified Engineer
>> http://www.josephcrawford.com/
>>
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From codebowl at gmail.com  Wed Oct 22 11:59:29 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 11:59:29 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
Message-ID: <19AFDFB3-B096-400E-AB9E-0C473A70B918@gmail.com>

Darryle,

that will be lifted at 3PM EST today :)


On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote:

> Hey Joe,
>    Looks like I need a username and password :)
>
> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford  
> <codebowl at gmail.com> wrote:
>> I know this is not entirely on topic but I thought I would share  
>> this with
>> you.
>> Today at 3PM EST a site that I have been working on over the last  
>> few months
>> is going to go live.
>> http://www.politics.com/  - If you are political please come check  
>> out what
>> has been keeping me busy over the last few months.
>> Thanks,
>> --
>> Joseph Crawford
>> Zend Certified Engineer
>> http://www.josephcrawford.com/
>>
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From dsteplight at gmail.com  Wed Oct 22 12:14:18 2008
From: dsteplight at gmail.com (Darryle Steplight)
Date: Wed, 22 Oct 2008 12:14:18 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <19AFDFB3-B096-400E-AB9E-0C473A70B918@gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
	<19AFDFB3-B096-400E-AB9E-0C473A70B918@gmail.com>
Message-ID: <47f4c4570810220914y2a8ea73x45960b0fb5cafbda@mail.gmail.com>

Thanks Matt, yeah I jumped the gun on that one. Realized it right when
I hit the send button.

On Wed, Oct 22, 2008 at 11:59 AM, Joseph Crawford <codebowl at gmail.com> wrote:
> Darryle,
>
> that will be lifted at 3PM EST today :)
>
>
> On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote:
>
>> Hey Joe,
>>   Looks like I need a username and password :)
>>
>> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford <codebowl at gmail.com>
>> wrote:
>>>
>>> I know this is not entirely on topic but I thought I would share this
>>> with
>>> you.
>>> Today at 3PM EST a site that I have been working on over the last few
>>> months
>>> is going to go live.
>>> http://www.politics.com/  - If you are political please come check out
>>> what
>>> has been keeping me busy over the last few months.
>>> Thanks,
>>> --
>>> Joseph Crawford
>>> Zend Certified Engineer
>>> http://www.josephcrawford.com/
>>>
>>>
>>> _______________________________________________
>>> New York PHP Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From jcampbell1 at gmail.com  Wed Oct 22 12:21:33 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Wed, 22 Oct 2008 12:21:33 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
Message-ID: <8f0676b40810220921k28864618s856ee86fab892980@mail.gmail.com>

On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford <codebowl at gmail.com> wrote:
> http://www.politics.com/  - If you are political please come check out what
> has been keeping me busy over the last few months.

Damn... nice domain name.  My expectations are high.

Cheers,
John Campbell


From codebowl at gmail.com  Wed Oct 22 13:24:28 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 13:24:28 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
Message-ID: <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>

There is one minor annoyance for me and I have spoken up about it.

While you are on the site in order to get to the detail page you have  
to click on the part of the article where it says '0 comments' you  
cannot click on the title or body of the article as it will just take  
you to the actual source of the article.

If you also find this to be annoying and unclear please send an email  
to support at politics.com

but this was not my decision :)

Thanks,
Joseph Crawford

On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote:

> Hey Joe,
>    Looks like I need a username and password :)
>
> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford  
> <codebowl at gmail.com> wrote:
>> I know this is not entirely on topic but I thought I would share  
>> this with
>> you.
>> Today at 3PM EST a site that I have been working on over the last  
>> few months
>> is going to go live.
>> http://www.politics.com/  - If you are political please come check  
>> out what
>> has been keeping me busy over the last few months.
>> Thanks,
>> --
>> Joseph Crawford
>> Zend Certified Engineer
>> http://www.josephcrawford.com/
>>
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From rotsen at gmail.com  Wed Oct 22 13:31:00 2008
From: rotsen at gmail.com (=?ISO-8859-1?Q?N=E9stor?=)
Date: Wed, 22 Oct 2008 10:31:00 -0700
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
	<03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
Message-ID: <a304e2d60810221031k159fc89dx7f1e32e963d403f5@mail.gmail.com>

I think that when you click on the title or the body,
you should go to the article and then in the article
you can/should have a link to the source

:-)

On Wed, Oct 22, 2008 at 10:24 AM, Joseph Crawford <codebowl at gmail.com>wrote:

> There is one minor annoyance for me and I have spoken up about it.
>
> While you are on the site in order to get to the detail page you have to
> click on the part of the article where it says '0 comments' you cannot click
> on the title or body of the article as it will just take you to the actual
> source of the article.
>
> If you also find this to be annoying and unclear please send an email to
> support at politics.com
>
> but this was not my decision :)
>
> Thanks,
> Joseph Crawford
>
> On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote:
>
>  Hey Joe,
>>   Looks like I need a username and password :)
>>
>> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford <codebowl at gmail.com>
>> wrote:
>>
>>> I know this is not entirely on topic but I thought I would share this
>>> with
>>> you.
>>> Today at 3PM EST a site that I have been working on over the last few
>>> months
>>> is going to go live.
>>> http://www.politics.com/  - If you are political please come check out
>>> what
>>> has been keeping me busy over the last few months.
>>> Thanks,
>>> --
>>> Joseph Crawford
>>> Zend Certified Engineer
>>> http://www.josephcrawford.com/
>>>
>>>
>>> _______________________________________________
>>> New York PHP Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>>>  _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081022/a644acd1/attachment.html>

From tim_lists at o2group.com  Wed Oct 22 13:47:05 2008
From: tim_lists at o2group.com (Tim Lieberman)
Date: Wed, 22 Oct 2008 11:47:05 -0600
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <a304e2d60810221031k159fc89dx7f1e32e963d403f5@mail.gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
	<03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
	<a304e2d60810221031k159fc89dx7f1e32e963d403f5@mail.gmail.com>
Message-ID: <6F4AB845-E646-4D79-B7C0-D645BC328655@o2group.com>

That seems sensible to me.  But I'll have to wait and see what it's  
all actually about, really.

-Tim

On Oct 22, 2008, at 11:31 AM, N?stor wrote:

> I think that when you click on the title or the body,
> you should go to the article and then in the article
> you can/should have a link to the source
>
> :-)
>
> On Wed, Oct 22, 2008 at 10:24 AM, Joseph Crawford  
> <codebowl at gmail.com> wrote:
> There is one minor annoyance for me and I have spoken up about it.
>
> While you are on the site in order to get to the detail page you  
> have to click on the part of the article where it says '0 comments'  
> you cannot click on the title or body of the article as it will just  
> take you to the actual source of the article.
>
> If you also find this to be annoying and unclear please send an  
> email to support at politics.com
>
> but this was not my decision :)
>
> Thanks,
> Joseph Crawford
>
> On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote:
>
> Hey Joe,
>   Looks like I need a username and password :)
>
> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford  
> <codebowl at gmail.com> wrote:
> I know this is not entirely on topic but I thought I would share  
> this with
> you.
> Today at 3PM EST a site that I have been working on over the last  
> few months
> is going to go live.
> http://www.politics.com/  - If you are political please come check  
> out what
> has been keeping me busy over the last few months.
> Thanks,
> --
> Joseph Crawford
> Zend Certified Engineer
> http://www.josephcrawford.com/
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From codebowl at gmail.com  Wed Oct 22 14:00:45 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 14:00:45 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <a304e2d60810221031k159fc89dx7f1e32e963d403f5@mail.gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
	<03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
	<a304e2d60810221031k159fc89dx7f1e32e963d403f5@mail.gmail.com>
Message-ID: <E9A1995B-2630-4A60-8264-2042C79866C9@gmail.com>

If you feel the same as Nestor and I please click the Feedback link in  
the header of the site and submit it there :)

I would love to see that change but I doubt they will without the user  
input.

Joseph Crawford

On Oct 22, 2008, at 1:31 PM, N?stor wrote:

> I think that when you click on the title or the body,
> you should go to the article and then in the article
> you can/should have a link to the source
>
> :-)
>
> On Wed, Oct 22, 2008 at 10:24 AM, Joseph Crawford  
> <codebowl at gmail.com> wrote:
> There is one minor annoyance for me and I have spoken up about it.
>
> While you are on the site in order to get to the detail page you  
> have to click on the part of the article where it says '0 comments'  
> you cannot click on the title or body of the article as it will just  
> take you to the actual source of the article.
>
> If you also find this to be annoying and unclear please send an  
> email to support at politics.com
>
> but this was not my decision :)
>
> Thanks,
> Joseph Crawford
>
> On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote:
>
> Hey Joe,
>   Looks like I need a username and password :)
>
> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford  
> <codebowl at gmail.com> wrote:
> I know this is not entirely on topic but I thought I would share  
> this with
> you.
> Today at 3PM EST a site that I have been working on over the last  
> few months
> is going to go live.
> http://www.politics.com/  - If you are political please come check  
> out what
> has been keeping me busy over the last few months.
> Thanks,
> --
> Joseph Crawford
> Zend Certified Engineer
> http://www.josephcrawford.com/
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081022/a450b28f/attachment.html>

From zippy1981 at gmail.com  Wed Oct 22 14:56:28 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Wed, 22 Oct 2008 14:56:28 -0400
Subject: [nycphp-talk] Re: [nycbug-talk] LinkedIn: Worth it or not?
In-Reply-To: <5458db3c0810221155k779d47cbkff2878e43a0c7b51@mail.gmail.com>
References: <20081021135558.P63279@mercury.atopia.net>
	<oq3aiott0b.fsf@castrovalva.Ivy.NET>
	<5458db3c0810221155k779d47cbkff2878e43a0c7b51@mail.gmail.com>
Message-ID: <5458db3c0810221156p61f1929emc77542cfca6cc43b@mail.gmail.com>

Damn reply to address.

On Wed, Oct 22, 2008 at 2:55 PM, Justin Dearing <zippy1981 at gmail.com> wrote:

> On Wed, Oct 22, 2008 at 1:54 PM, Miles Nordin <carton at ivy.net> wrote:
>
>> I find this type of work too degrading to associate that intimately
>> with my personal identity.
>
>
> You find your work degrading? The only time I was unable to find any level
> of dignity in my work was a stint at Burger king. That was only because I
> sucked at making burgers. Why do it if its degrading?
>
> Secondly I find it violating that someone would EXPECT to see a
>> conveniently-formatted list of all the other people I know.  Police
>> and stalkers drool over such information, and that's the big part of
>> why we don't like the kind of attention either gives us, and if it's a
>> person judging me rather than merely a fan I feel doubly violated.
>>
>
> To each their own. Its an opt in kind of thing. Some people live very
> public lives. Granted, being a "social network whore" when one is young and
> desperate might haunt a person when they are older. Man is a social animal,
> we all need to engage in a certain level of intercourse (in the general, not
> sexual sense) to meet our various needs and wants.
>
> Now personally, I'd prefer to hire or be hired by people that had a certain
> level of knowledge of my personal life. If you have political view that are
> 180 degrees from mine, I can work with you if you can respect my views. You
> might not be able to tolerate my worldview though. I'd rather you find out
> on your own by googling me rather than seeing a website on my monitor that
> I'm looking at lunchtime. That way you never make me an offer and neither of
> us are put in a hard position. Also, I refuse to remain absolutely ambiguous
> of all my personal views for 40-60 hours a week. I'm not going to go out of
> my way to preach my views, but I don't want to be afraid when topics come
> up.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081022/9029a870/attachment.html>

From ajai at bitblit.net  Wed Oct 22 15:15:42 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Wed, 22 Oct 2008 15:15:42 -0400 (EDT)
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
Message-ID: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>

On Wed, 22 Oct 2008, Joseph Crawford wrote:

> Today at 3PM EST a site that I have been working on over the last few  
> months is going to go live.

Still locked @ 3:15pm...



-- 
Aj.



From codebowl at gmail.com  Wed Oct 22 16:06:44 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 16:06:44 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
Message-ID: <F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>

Sorry it should be unlocked now.

I am not sure what delayed them.  I said 3PM they were supposed to  
have it done at 2:30PM :)

Thanks,
Joseph Crawford

On Oct 22, 2008, at 3:15 PM, Ajai Khattri wrote:

> On Wed, 22 Oct 2008, Joseph Crawford wrote:
>
>> Today at 3PM EST a site that I have been working on over the last few
>> months is going to go live.
>
> Still locked @ 3:15pm...
>
>
>
> -- 
> Aj.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From smanes at magpie.com  Wed Oct 22 16:11:53 2008
From: smanes at magpie.com (Steve Manes)
Date: Wed, 22 Oct 2008 16:11:53 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
	<03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
Message-ID: <48FF8909.2000908@magpie.com>

Joseph Crawford wrote:
> There is one minor annoyance for me and I have spoken up about it.
> 
> While you are on the site in order to get to the detail page you have to 
> click on the part of the article where it says '0 comments' you cannot 
> click on the title or body of the article as it will just take you to 
> the actual source of the article.

One other minor annoyance, and I don't mean to pick because I have this 
problem with a lot of sites that require double-opt.  But it's something 
that a lot of site developers seem to overlook: ya gotta register that 
outbound STMP server in DNS:

Oct 22 16:08:14 jack postfix/smtpd[93665]: connect from 
unknown[208.91.206.42]
Oct 22 16:08:14 jack postfix/smtpd[93665]: NOQUEUE: reject: CONNECT from 
unknown[208.91.206.42]: 554 5.7.1 Client host rejected: cannot find your 
hostname, [208.91.206.42]; proto=SMTP
Oct 22 16:08:14 jack postfix/smtpd[93665]: disconnect from 
unknown[208.91.206.42]

Mail servers like mine that do reverse DNS lookups to prevent spamming 
will reject inbound mail from unknown hosts.


From sequethin at gmail.com  Wed Oct 22 16:12:49 2008
From: sequethin at gmail.com (Michael Hernandez)
Date: Wed, 22 Oct 2008 16:12:49 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>
Message-ID: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>

Looks cool. Is it Zend Framework? Or ?

--Mike H


On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote:

> Sorry it should be unlocked now.
>
> I am not sure what delayed them.  I said 3PM they were supposed to  
> have it done at 2:30PM :)
>
> Thanks,
> Joseph Crawford
>


From codebowl at gmail.com  Wed Oct 22 16:37:15 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 16:37:15 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <48FF8909.2000908@magpie.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>	<47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com>
	<03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com>
	<48FF8909.2000908@magpie.com>
Message-ID: <3AB314A4-BBB7-4AE4-8A4B-ED56DF94A016@gmail.com>

No need to pick, please do.

I will make sure all issues are addressed.

Thanks,
Joseph Crawford

On Oct 22, 2008, at 4:11 PM, Steve Manes wrote:

> Joseph Crawford wrote:
>> There is one minor annoyance for me and I have spoken up about it.
>> While you are on the site in order to get to the detail page you  
>> have to click on the part of the article where it says '0 comments'  
>> you cannot click on the title or body of the article as it will  
>> just take you to the actual source of the article.
>
> One other minor annoyance, and I don't mean to pick because I have  
> this problem with a lot of sites that require double-opt.  But it's  
> something that a lot of site developers seem to overlook: ya gotta  
> register that outbound STMP server in DNS:
>
> Oct 22 16:08:14 jack postfix/smtpd[93665]: connect from  
> unknown[208.91.206.42]
> Oct 22 16:08:14 jack postfix/smtpd[93665]: NOQUEUE: reject: CONNECT  
> from unknown[208.91.206.42]: 554 5.7.1 Client host rejected: cannot  
> find your hostname, [208.91.206.42]; proto=SMTP
> Oct 22 16:08:14 jack postfix/smtpd[93665]: disconnect from  
> unknown[208.91.206.42]
>
> Mail servers like mine that do reverse DNS lookups to prevent  
> spamming will reject inbound mail from unknown hosts.
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From codebowl at gmail.com  Wed Oct 22 16:37:47 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 16:37:47 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>
	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>
Message-ID: <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>

Michael,

Unfortunately no it is not ZF, it is a custom framework that my  
employer has developed and uses for all their sites.

Thanks,
Joseph Crawford

On Oct 22, 2008, at 4:12 PM, Michael Hernandez wrote:

> Looks cool. Is it Zend Framework? Or ?
>
> --Mike H
>
>
> On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote:
>
>> Sorry it should be unlocked now.
>>
>> I am not sure what delayed them.  I said 3PM they were supposed to  
>> have it done at 2:30PM :)
>>
>> Thanks,
>> Joseph Crawford
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From petros.ziogas at gmail.com  Wed Oct 22 18:49:30 2008
From: petros.ziogas at gmail.com (Petros Ziogas)
Date: Thu, 23 Oct 2008 01:49:30 +0300
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>
	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>
	<64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>
Message-ID: <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>

I think it is a very solid effort, well done. On a great domain of course.

Only thing that might confuse a user, is the different behavior on the
article links.

You have to click on the "x comments" in order to stay in politics.com,
every other link send to the actual story.

I believe it needs a little clarification. It works like digg but even
digg.com can seem peculiar to a first visitor.

Petros Ziogas
Athens, Greece


2008/10/22 Joseph Crawford <codebowl at gmail.com>

> Michael,
>
> Unfortunately no it is not ZF, it is a custom framework that my employer
> has developed and uses for all their sites.
>
> Thanks,
> Joseph Crawford
>
>
> On Oct 22, 2008, at 4:12 PM, Michael Hernandez wrote:
>
>  Looks cool. Is it Zend Framework? Or ?
>>
>> --Mike H
>>
>>
>> On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote:
>>
>>  Sorry it should be unlocked now.
>>>
>>> I am not sure what delayed them.  I said 3PM they were supposed to have
>>> it done at 2:30PM :)
>>>
>>> Thanks,
>>> Joseph Crawford
>>>
>>>  _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081023/4752b116/attachment.html>

From codebowl at gmail.com  Wed Oct 22 19:30:46 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 19:30:46 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>
	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>
	<64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>
	<236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>
Message-ID: <AC0CD23D-54F6-4472-B92D-B2870F894518@gmail.com>

Petros,

That is the annoyance I was talking about.  Could you please click the  
feedback link in the header and send that to the PM :)

They won't change it unless they get user feedback that it needs to  
change.

Thanks,
Joseph Crawford

On Oct 22, 2008, at 6:49 PM, Petros Ziogas wrote:

> I think it is a very solid effort, well done. On a great domain of  
> course.
>
> Only thing that might confuse a user, is the different behavior on  
> the article links.
>
> You have to click on the "x comments" in order to stay in  
> politics.com, every other link send to the actual story.
>
> I believe it needs a little clarification. It works like digg but  
> even digg.com can seem peculiar to a first visitor.
>
> Petros Ziogas
> Athens, Greece
>
>
> 2008/10/22 Joseph Crawford <codebowl at gmail.com>
> Michael,
>
> Unfortunately no it is not ZF, it is a custom framework that my  
> employer has developed and uses for all their sites.
>
> Thanks,
> Joseph Crawford
>
>
> On Oct 22, 2008, at 4:12 PM, Michael Hernandez wrote:
>
> Looks cool. Is it Zend Framework? Or ?
>
> --Mike H
>
>
> On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote:
>
> Sorry it should be unlocked now.
>
> I am not sure what delayed them.  I said 3PM they were supposed to  
> have it done at 2:30PM :)
>
> Thanks,
> Joseph Crawford
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081022/f70d8be6/attachment.html>

From smanes at magpie.com  Wed Oct 22 19:57:06 2008
From: smanes at magpie.com (Steve Manes)
Date: Wed, 22 Oct 2008 19:57:06 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>	<64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>
	<236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>
Message-ID: <48FFBDD2.9000405@magpie.com>

Petros Ziogas wrote:
> You have to click on the "x comments" in order to stay in politics.com 
> <http://politics.com>, every other link send to the actual story.

I presume there are copyright issues here?


From codebowl at gmail.com  Wed Oct 22 21:11:27 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 22 Oct 2008 21:11:27 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <48FFBDD2.9000405@magpie.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>	<64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>
	<236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>
	<48FFBDD2.9000405@magpie.com>
Message-ID: <E5F6E182-F511-4ACB-9316-516AA371A20B@gmail.com>

There would be no copyright issues if we linked to the source on the  
details page.

On Oct 22, 2008, at 7:57 PM, Steve Manes wrote:

> Petros Ziogas wrote:
>> You have to click on the "x comments" in order to stay in  
>> politics.com <http://politics.com>, every other link send to the  
>> actual story.
>
> I presume there are copyright issues here?
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From smanes at magpie.com  Wed Oct 22 21:54:29 2008
From: smanes at magpie.com (Steve Manes)
Date: Wed, 22 Oct 2008 21:54:29 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <E5F6E182-F511-4ACB-9316-516AA371A20B@gmail.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>	<64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>	<236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>	<48FFBDD2.9000405@magpie.com>
	<E5F6E182-F511-4ACB-9316-516AA371A20B@gmail.com>
Message-ID: <48FFD955.3070707@magpie.com>

Joseph Crawford wrote:
> There would be no copyright issues if we linked to the source on the 
> details page.

Fair Use only permits limited quotation of a copyrighted work.  This 
summer AP went nuts when it floated a new policy requiring a license to 
republish even five words from one of its news articles:

http://www.boingboing.net/2008/06/17/associated-press-exp.html


From petros.ziogas at gmail.com  Thu Oct 23 07:38:59 2008
From: petros.ziogas at gmail.com (Petros Ziogas)
Date: Thu, 23 Oct 2008 14:38:59 +0300
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <48FFD955.3070707@magpie.com>
References: <Pine.LNX.4.44.0810221515070.25337-100000@bitblit.net>
	<F4DECC75-6863-42BF-9D16-DAD48181D8AE@gmail.com>
	<30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com>
	<64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com>
	<236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com>
	<48FFBDD2.9000405@magpie.com>
	<E5F6E182-F511-4ACB-9316-516AA371A20B@gmail.com>
	<48FFD955.3070707@magpie.com>
Message-ID: <236c3b210810230438l560534f6m45d2107240a101d2@mail.gmail.com>

I see the need to have a link to original story. It would be unfair to
completely reproduce the text (even with a link mentioning the source).
My note was actual on the implementation of this. It would seem more logical
to have a "visit mentioned article" and a  "comment on the article" or
something similar. My English is not that good unfortunately.

Joseph I am using the feedback right now...

Petros Ziogas
Athens, Greece



2008/10/23 Steve Manes <smanes at magpie.com>

> Joseph Crawford wrote:
>
>> There would be no copyright issues if we linked to the source on the
>> details page.
>>
>
> Fair Use only permits limited quotation of a copyrighted work.  This summer
> AP went nuts when it floated a new policy requiring a license to republish
> even five words from one of its news articles:
>
> http://www.boingboing.net/2008/06/17/associated-press-exp.html
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081023/04da47bd/attachment.html>

From tedd at sperling.com  Thu Oct 23 08:32:40 2008
From: tedd at sperling.com (tedd)
Date: Thu, 23 Oct 2008 08:32:40 -0400
Subject: [nycphp-talk] [OT] - Politics.com
In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com>
Message-ID: <p06240805c5261e8d6111@[192.168.1.101]>

At 11:49 AM -0400 10/22/08, Joseph Crawford wrote:
>I know this is not entirely on topic but I thought I would share 
>this with you.
>
>Today at 3PM EST a site that I have been working on over the last 
>few months is going to go live.
>
><http://www.politics.com/>http://www.politics.com/  - If you are 
>political please come check out what has been keeping me busy over 
>the last few months.

Joseph:

Check out:

<http://validator.w3.org/check?uri=http://politics.com>

Might want to fix some of those errors.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From nynj.tech at hotmail.com  Fri Oct 24 16:09:50 2008
From: nynj.tech at hotmail.com (chad qian)
Date: Fri, 24 Oct 2008 16:09:50 -0400
Subject: [nycphp-talk] phpmyadmin connected to mysql on MAC
Message-ID: <BLU126-W2206EEB66834E94CFF49BAE82B0@phx.gbl>


I install MAMP on MAC.
I'm having trouble connecting the mamp phpMyAdmin page to mysql.I can't see created databases  under phpmyadmin Where as the Mysql query browser and the Mysql administrator are seeing them.  
 
Any idea?Thanks!
 
chad
_________________________________________________________________
When your life is on the go?take your life with you.
http://clk.atdmt.com/MRT/go/115298558/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081024/e4bc1b04/attachment.html>

From zippy1981 at gmail.com  Fri Oct 24 16:19:13 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Fri, 24 Oct 2008 16:19:13 -0400
Subject: [nycphp-talk] phpmyadmin connected to mysql on MAC
In-Reply-To: <BLU126-W2206EEB66834E94CFF49BAE82B0@phx.gbl>
References: <BLU126-W2206EEB66834E94CFF49BAE82B0@phx.gbl>
Message-ID: <5458db3c0810241319v5d89eae6hc5d41446efd92f6b@mail.gmail.com>

are yu sure your connecting to the same database from mysqladmin as
the console? did you check the apache error log, assuming mysql errors
are configured to go there.

On Fri, Oct 24, 2008 at 4:09 PM, chad qian <nynj.tech at hotmail.com> wrote:
> I install MAMP on MAC.
> I'm having trouble connecting the mamp phpMyAdmin page to mysql.I can't see
> created databases
> under phpmyadmin Where as the Mysql query browser and the Mysql
> administrator are seeing them.
>
> Any idea?Thanks!
>
> chad
>
> ________________________________
> When your life is on the go?take your life with you. Try Windows Mobile(R)
> today
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From ajai at bitblit.net  Fri Oct 24 16:19:40 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Fri, 24 Oct 2008 16:19:40 -0400 (EDT)
Subject: [nycphp-talk] phpmyadmin connected to mysql on MAC
In-Reply-To: <BLU126-W2206EEB66834E94CFF49BAE82B0@phx.gbl>
Message-ID: <Pine.LNX.4.44.0810241618420.25337-100000@bitblit.net>

On Fri, 24 Oct 2008, chad qian wrote:

> I install MAMP on MAC.
> I'm having trouble connecting the mamp phpMyAdmin page to mysql.I can't
> see created databases  under phpmyadmin Where as the Mysql query browser 
> and the Mysql administrator are seeing them.  

You will only se databases your MySQL username is allowed to see.

Maybe you used "root" in the query browser but not in phpMyAdmin?


-- 
A



From david at davidmintz.org  Tue Oct 28 22:40:26 2008
From: david at davidmintz.org (David Mintz)
Date: Tue, 28 Oct 2008 22:40:26 -0400
Subject: [nycphp-talk] serving a download only to authenticated users
Message-ID: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com>

You folks have done this a thousand times so it's cake to you. This is the
first time I have had to make a Powerpoint download available only to
authenticated users. Tell me if it's this simple:

<?php
/* download.php pr something like that */

// authentication logic. Then, if they're logged in...

header('Content-disposition: attachment; filename=whatever.ppt');
header('Content-type: application/vnd.ms-powerpoint');
readfile('whatever.ppt');

And yes, I think I will put an apache directive in there to deny direct
browser access so they can't defeat it by accessing
http://example.org/password-protected-area/whatever.ppt. Or maybe put it
somewhere outside the public html.

Is that it, or am I missing anything?

-- 
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081028/44d35b13/attachment.html>

From zippy1981 at gmail.com  Tue Oct 28 22:49:47 2008
From: zippy1981 at gmail.com (Justin Dearing)
Date: Tue, 28 Oct 2008 22:49:47 -0400
Subject: [nycphp-talk] serving a download only to authenticated users
In-Reply-To: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com>
References: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com>
Message-ID: <5458db3c0810281949s19d6bce9j204864769cd26d8b@mail.gmail.com>

Yeah don't keep the powerpoint in the htdocs directory.  Your
methodology is sound. Of course, if this is the only thing password
protected, just protect that directory with a htpasswd and htaccess
file.

On Tue, Oct 28, 2008 at 10:40 PM, David Mintz <david at davidmintz.org> wrote:
>
> You folks have done this a thousand times so it's cake to you. This is the
> first time I have had to make a Powerpoint download available only to
> authenticated users. Tell me if it's this simple:
>
> <?php
> /* download.php pr something like that */
>
> // authentication logic. Then, if they're logged in...
>
> header('Content-disposition: attachment; filename=whatever.ppt');
> header('Content-type: application/vnd.ms-powerpoint');
> readfile('whatever.ppt');
>
> And yes, I think I will put an apache directive in there to deny direct
> browser access so they can't defeat it by accessing
> http://example.org/password-protected-area/whatever.ppt. Or maybe put it
> somewhere outside the public html.
>
> Is that it, or am I missing anything?
>
> --
> David Mintz
> http://davidmintz.org/
>
> The subtle source is clear and bright
> The tributary streams flow through the darkness
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From corey at gelform.com  Wed Oct 29 06:54:48 2008
From: corey at gelform.com (Corey H Maass - gelform.com)
Date: Wed, 29 Oct 2008 06:54:48 -0400
Subject: [nycphp-talk] serving a download only to authenticated users
In-Reply-To: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com>
References: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com>
Message-ID: <1225277688.23218.1281850507@webmail.messagingengine.com>

It's also straight forward to hide the location o the original file by
using fopen, fread.

// authentication logic, then...

$fileName = 'whatever.ppt';
$filePath = 'folder/' $fileName;

header('Content-Disposition: atachment; filename="' . $fileName . '"');
header("Content-Type: application/ppt"); // <-- not sure this is right
header("Content-Length: " . filesize($filePath));
header("Pragma: no-cache");
header("Expires: 0");
$fp=fopen("$filePath","r");
print fread($fp, filesize("$filePath"));
fclose($fp);



On Tue, 28 Oct 2008 22:40:26 -0400, "David Mintz" <david at davidmintz.org>
said:
> You folks have done this a thousand times so it's cake to you. This is
> the
> first time I have had to make a Powerpoint download available only to
> authenticated users. Tell me if it's this simple:
> 
> <?php
> /* download.php pr something like that */
> 
> // authentication logic. Then, if they're logged in...
> 
> header('Content-disposition: attachment; filename=whatever.ppt');
> header('Content-type: application/vnd.ms-powerpoint');
> readfile('whatever.ppt');
> 
> And yes, I think I will put an apache directive in there to deny direct
> browser access so they can't defeat it by accessing
> http://example.org/password-protected-area/whatever.ppt. Or maybe put it
> somewhere outside the public html.
> 
> Is that it, or am I missing anything?
> 
> -- 
> David Mintz
> http://davidmintz.org/
> 
> The subtle source is clear and bright
> The tributary streams flow through the darkness

//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business

em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform



From lists at zaunere.com  Wed Oct 29 12:20:54 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 29 Oct 2008 12:20:54 -0400
Subject: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK
Message-ID: <000901c939e2$51b8afa0$f52a0ee0$@com>

All,

We're pleased to host two of Sun/MySQL premier technical team members for a
NYPHP Special Presentation, November 12th.  We'll put the announcement out
this week, but first you need to pick which presentation should be given -
these are technical/overview presentations.

These are the options (some have descriptions for greater clarity) - a
simple plus one for ONE presentation that you'd like is all that's needed.

Please provide feedback ASAP so that we can schedule things correctly.


-- Writing Tag systems in PHP/MySQL, that scale to memcached, with XDebug
for Profiling;  Writing a social application such as forums, messaging or
guilds with PHP/MySQL and what happens when a million people show up on
opening day.

-- MySQL 5.1 features

-- Using MySQL partitions in practice

-- MySQL Proxy wizardry

-- Testing with MySQL Sandbox
MySQL Sandbox is a tool that can install a side instance of MySQL in a few
seconds, efficiently, precisely, and without influencing existing
installations. Testing new versions can be tedious and error prone. Using
MySQL Sandbox, the process of testing single servers or replication systems
can be greatly simplified.

-- MySQL Community How To
A sort of movie of the ways a community member can participate to the MySQL
project, with a step-by-step illustration of what is available and how to
use it, from getting help with forums to contributing code, passing through
events, reporting bugs, publishing projects.

-- Creative cross-language programming with MySQL
Although MySQL is sometimes perceived as a minimalist DBMS, it has a huge
potential for creative hacks. The Federated and Blackhole engine, MySQL
Proxy, user variables, and some other hooks allow the imaginative developer
to achieve impressive results independently from the client's programming
language.

-- Advanced Lua programming for MySQL Proxy
Having learned the basic of Lua programming for Proxy, some advanced topics
can be covered.  This session will explain how to tackle some difficult
tasks with the Proxy, organizing your work so that you can create a new
script in minutes:
 -- using a script loader to change script at run time, without restarting;
 -- creating new commands
 -- creating quick methods for returning datasets and error messages to the
client;
 -- Executing multiple commands in the Proxy, while returning only one
result to the client
 -- chaining more scripts to extend Proxy feature

---
Hans Zaunere / Managing Member / New York PHP
      www.nyphp.org  / ?www.nyphp.com






From anthony at thrillist.com  Wed Oct 29 12:32:35 2008
From: anthony at thrillist.com (Anthony Wlodarski)
Date: Wed, 29 Oct 2008 12:32:35 -0400
Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU
 PICK]
Message-ID: <49089023.1030505@thrillist.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081029/4af717e1/attachment.html>

From ajai at bitblit.net  Wed Oct 29 13:29:41 2008
From: ajai at bitblit.net (Ajai Khattri)
Date: Wed, 29 Oct 2008 13:29:41 -0400 (EDT)
Subject: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK
In-Reply-To: <000901c939e2$51b8afa0$f52a0ee0$@com>
Message-ID: <Pine.LNX.4.44.0810291329040.25337-100000@bitblit.net>

On Wed, 29 Oct 2008, Hans Zaunere wrote:

> -- Writing Tag systems in PHP/MySQL, that scale to memcached, with XDebug
> for Profiling;  Writing a social application such as forums, messaging or
> guilds with PHP/MySQL and what happens when a million people show up on
> opening day.

+1

Good timing: Im thinking of using memcached in a project...


-- 
Aj.



From sh370 at nyu.edu  Wed Oct 29 14:09:35 2008
From: sh370 at nyu.edu (Shari Halter)
Date: Wed, 29 Oct 2008 14:09:35 -0400
Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK]
In-Reply-To: <49089023.1030505@thrillist.com>
Message-ID: <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP>

 

+1 for Writing Tag systems in PHP/MySQL 



-shari

 
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
 
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
 
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081029/14cf9106/attachment.html>

From tomsartain at gmail.com  Wed Oct 29 15:16:22 2008
From: tomsartain at gmail.com (Tom Sartain)
Date: Wed, 29 Oct 2008 15:16:22 -0400
Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK]
In-Reply-To: <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP>
References: <49089023.1030505@thrillist.com>
	<000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP>
Message-ID: <20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com>

+1 for Writing Tag Systems as well

On 10/29/08, Shari Halter <sh370 at nyu.edu> wrote:
>
>
> +1 for Writing Tag systems in PHP/MySQL
>
>
>
> -shari
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From codebowl at gmail.com  Wed Oct 29 15:30:54 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 29 Oct 2008 15:30:54 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
Message-ID: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>

Has anyone on here found a viable solution?  Everything seems to work  
on the www side of things but as soon as i use the data in an RSS feed  
it does not seem to like the MS Word characters.

Thanks,
Joseph Crawford


From lists at zaunere.com  Wed Oct 29 15:40:33 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 29 Oct 2008 15:40:33 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
In-Reply-To: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
Message-ID: <006c01c939fe$359f5280$a0ddf780$@com>

> Has anyone on here found a viable solution?  Everything seems to work
> on the www side of things but as soon as i use the data in an RSS feed
> it does not seem to like the MS Word characters.

Word/etc always manages to create new and exciting chars, but the following
usually take care of most of them.

$this->Value = str_replace(array(chr(0x92),chr(0x93),
chr(0x94),chr(0x96),chr(0x97),chr(0x85)),
array('\'','"','"','-','-','...'),$this->Value);

H




From chsnyder at gmail.com  Wed Oct 29 15:41:56 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 29 Oct 2008 15:41:56 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
In-Reply-To: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
Message-ID: <b76252690810291241k65186570uc76bfd2b9101798d@mail.gmail.com>

On Wed, Oct 29, 2008 at 3:30 PM, Joseph Crawford <codebowl at gmail.com> wrote:
> Has anyone on here found a viable solution?  Everything seems to work on the
> www side of things but as soon as i use the data in an RSS feed it does not
> seem to like the MS Word characters.
>

That's for sure.

Here's what I use, there's probably a more elegant/readable way to do it.

// convert smart quotes and mdashes
$wordchars=array('?','"','"',''',''',"?");
$fixedchars=array('&mdash;','&quot;','&quot;',"'","'","&hellip;");
$output = str_replace( $wordchars, $fixedchars, $output );

- chris.

From chsnyder at gmail.com  Wed Oct 29 15:43:45 2008
From: chsnyder at gmail.com (csnyder)
Date: Wed, 29 Oct 2008 15:43:45 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
In-Reply-To: <006c01c939fe$359f5280$a0ddf780$@com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
	<006c01c939fe$359f5280$a0ddf780$@com>
Message-ID: <b76252690810291243q4a55c7a2kb55b6dbebe25bd9c@mail.gmail.com>

On Wed, Oct 29, 2008 at 3:40 PM, Hans Zaunere <lists at zaunere.com> wrote:
>
> $this->Value = str_replace(array(chr(0x92),chr(0x93),
> chr(0x94),chr(0x96),chr(0x97),chr(0x85)),
> array('\'','"','"','-','-','...'),$this->Value);
>

Yep, use Hans' it's more readable.


Chris Snyder
http://chxor.chxo.com/


From codebowl at gmail.com  Wed Oct 29 15:52:50 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 29 Oct 2008 15:52:50 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
In-Reply-To: <006c01c939fe$359f5280$a0ddf780$@com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
	<006c01c939fe$359f5280$a0ddf780$@com>
Message-ID: <99605328-6C8B-4147-87D9-F92513CD0E85@gmail.com>

I'm not sure why but neither suggestion seemed to work, here is what I  
found that does work

/**
  * Remove unwanted MS Word high characters from a string
  *
  * @param string $string
  * @return string $string
  */
function sanitizeString($string = null)
{
	if(is_null($string)) return false;
	
	//-> Replace all of those weird MS Word quotes and other high  
characters
     $badwordchars=array(
         "\xe2\x80\x98", // left single quote
         "\xe2\x80\x99", // right single quote
         "\xe2\x80\x9c", // left double quote
         "\xe2\x80\x9d", // right double quote
         "\xe2\x80\x94", // em dash
         "\xe2\x80\xa6" // elipses
     );
     $fixedwordchars=array(
         "'",
         "'",
         '"',
         '"',
         '&mdash;',
         '...'
     );
     return htmlspecialchars(str_replace($badwordchars,$fixedwordchars, 
$string));
}


On Oct 29, 2008, at 3:40 PM, Hans Zaunere wrote:

>> Has anyone on here found a viable solution?  Everything seems to work
>> on the www side of things but as soon as i use the data in an RSS  
>> feed
>> it does not seem to like the MS Word characters.
>
> Word/etc always manages to create new and exciting chars, but the  
> following
> usually take care of most of them.
>
> $this->Value = str_replace(array(chr(0x92),chr(0x93),
> chr(0x94),chr(0x96),chr(0x97),chr(0x85)),
> array('\'','"','"','-','-','...'),$this->Value);
>
> H
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From jmcgraw1 at gmail.com  Wed Oct 29 16:48:43 2008
From: jmcgraw1 at gmail.com (Jake McGraw)
Date: Wed, 29 Oct 2008 16:48:43 -0400
Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK]
In-Reply-To: <20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com>
References: <49089023.1030505@thrillist.com>
	<000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP>
	<20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com>
Message-ID: <e065b8610810291348m440e8307v132f3d34dec53840@mail.gmail.com>

+ 1 for Tag system

On Wed, Oct 29, 2008 at 3:16 PM, Tom Sartain <tomsartain at gmail.com> wrote:
> +1 for Writing Tag Systems as well
>
> On 10/29/08, Shari Halter <sh370 at nyu.edu> wrote:
>>
>>
>> +1 for Writing Tag systems in PHP/MySQL
>>
>>
>>
>> -shari
>>
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From lists at zaunere.com  Wed Oct 29 17:00:26 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 29 Oct 2008 17:00:26 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and
	other	characters
In-Reply-To: <b76252690810291241k65186570uc76bfd2b9101798d@mail.gmail.com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
	<b76252690810291241k65186570uc76bfd2b9101798d@mail.gmail.com>
Message-ID: <009101c93a09$5e388990$1aa99cb0$@com>

 
> // convert smart quotes and mdashes
> $wordchars=array('?','"','"',''',''',"?");

I've ran into strange and subtle issues when actually putting the chars to replace themselves into code.  This is especially frustrating with encoding/etc of various files, in which cases sometimes these won't match correctly.  Thus, the chr(0x96) usage, which is more explicit.

H




From lists at zaunere.com  Wed Oct 29 17:09:14 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 29 Oct 2008 17:09:14 -0400
Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK]
In-Reply-To: <e065b8610810291348m440e8307v132f3d34dec53840@mail.gmail.com>
References: <49089023.1030505@thrillist.com>	<000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP>	<20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com>
	<e065b8610810291348m440e8307v132f3d34dec53840@mail.gmail.com>
Message-ID: <009501c93a0a$9929fec0$cb7dfc40$@com>

> + 1 for Tag system

Thanks all - I think this one is pretty much unanimous...

H




From mikesz at qualityadvantages.com  Wed Oct 29 22:15:06 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Thu, 30 Oct 2008 10:15:06 +0800
Subject: [nycphp-talk] OpenID is what?
Message-ID: <65161666.20081030101506@qualityadvantages.com>

Hello NYPHP,

Having been recently hacked and several of my webmaster email account
names being hijacked by spammers, I am looking for viable solutions to
safeguard my websites and the membership of these sites.

I just ran across some discussion about openID (yes, I have been in a
cave now for some time, lol) and am skeptical that the primary motivation
is altruistic like when g$$gle first came on the scene, it too "looked like"
a good thing for the planet but evolved into the world's biggest $$$ machine
that is likely, if not already, to make micro$ look like chump change.

I sense rather that OpenID is yet another marketing ploy to rake in
huge piles of cash rather than provide warmth and security that it
touts in its hype. Already, I see lots of RED FLAGS about being highly
susceptible to phishing, like what isn't these days.

All of my websites run php forum and CMS software of varying flavors
so I am not convinced that OpenID is a viable solution to secure them
against the kinds of attacks I have see recently and wonder about the
integrity of a system that claims (from phpMyID):

    * The whole point of OpenID is to allow you to manage your own identity, and phpMyID lets you do that without giving control to a third party.
    * It's easy to install and easy to configure. Edit just a few lines in your config file, and you're off and running!
    * Allows "Smart Mode OpenID" (more secure) transactions, even if you don't have a "big math" library available. Seriously, phpMyID comes with a pure-PHP math library which can be used if you want to demand that extra level of security.
    * Ensures secure password transmission even if you don't have SSL! By using HTTP Digest authentication, phpMyID ensures your password is never sent or stored anywhere in clear or decypherable text.

I would really appreciate an eye opener on this one. It looks like
more flim flam to me.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com



From michael.southwell at nyphp.com  Wed Oct 29 22:58:41 2008
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Wed, 29 Oct 2008 22:58:41 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
In-Reply-To: <006c01c939fe$359f5280$a0ddf780$@com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
	<006c01c939fe$359f5280$a0ddf780$@com>
Message-ID: <490922E1.8060007@nyphp.com>

Hans Zaunere wrote:
>> Has anyone on here found a viable solution?  Everything seems to work
>> on the www side of things but as soon as i use the data in an RSS feed
>> it does not seem to like the MS Word characters.
> 
> Word/etc always manages to create new and exciting chars, but the following
> usually take care of most of them.
> 
> $this->Value = str_replace(array(chr(0x92),chr(0x93),
> chr(0x94),chr(0x96),chr(0x97),chr(0x85)),
> array('\'','"','"','-','-','...'),$this->Value);

I would add to this the following:
chr(0x91) -> '&#8217;' [backtick]
chr(0xa0) -> ' ' [space]


-- 
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING:  http://nyphp.com/Training/Indepth


From danielc at analysisandsolutions.com  Wed Oct 29 23:55:26 2008
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 29 Oct 2008 23:55:26 -0400
Subject: [nycphp-talk] Converting the pesky MS Word quotes and other
	characters
In-Reply-To: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com>
Message-ID: <20081030035526.GA9945@panix.com>

<?php
/**
 * Gets rid of stupid quotes, etc.
 *
 * This uses a convoluted preg_replace() approach, rather than
 * str_replace(), because Chrome (the REAL Chrome, as in Firefox 
 * applications, not Google's usurpation) translates the characters.
 *
 * If you need to see what characters are coming in, uncomment
 * the debug call to analyze_string_polaris() that exists at the top
 * of this method.
 *
 * @see analyze_string_polaris()
 */
function filter_fancy_characters_polaris($in) {
    static $search, $replace;

    // echo analyze_string_polaris($in);

    if (!isset($search)) {
        $search = array(
            '/\x96/',
            '/\xE2\x80\x93/',
            '/\x97/',
            '/\xE2\x80\x94/',
            '/\x91/',
            '/\xE2\x80\x98/',
            '/\x92/',
            '/\xE2\x80\x99/',
            '/\x93/',
            '/\xE2\x80\x9C/',
            '/\x94/',
            '/\xE2\x80\x9D/',
            '/\x85/',
            '/\xE2\x80\xA6/',
            '/\x95/',
            '/\xE2\x80\xA2/',
            '/\x09/',

            // The order of these is very important.
            '/\xC2\xBC/',
            '/\xBC/',
            '/\xC2\xBD/',
            '/\xBD/',
            '/\xC2\xBE/',
            '/\xBE/',
        );

        $replace = array(
            '-',
            '-',
            '--',
            '--',
            "'",
            "'",
            "'",
            "'",
            '"',
            '"',
            '"',
            '"',
            '...',
            '...',
            '*',
            '*',
            ' ',

            '1/4',
            '1/4',
            '1/2',
            '1/2',
            '3/4',
            '3/4',
        );
    }
    return preg_replace($search, $replace, $in);
}

/**
 * Returns the hex, oct and ord numbers of characters found in a string;
 * makes debugging odd user input much easier
 *
 * @see filter_fancy_characters_polaris()
 */
function analyze_string_polaris($in) {
    $out = '';
    for ($i = 0, $len = strlen($in); $i < $len; $i++) {
        $out .= '  Chr:' . $in[$i];
        $out .= '  Hex:' . dechex(ord($in[$i]));
        $out .= '  Oct:' . decoct(ord($in[$i]));
        $out .= '  Ord:' . ord($in[$i]);
        $out .= "\n-------\n";
    }
    return $out;
}
?>

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


From codebowl at gmail.com  Thu Oct 30 08:31:09 2008
From: codebowl at gmail.com (Joseph Crawford)
Date: Thu, 30 Oct 2008 08:31:09 -0400
Subject: [nycphp-talk] XSL with RSS 2.0
Message-ID: <C745E06B-88A2-4720-AD44-67F64B4ECB25@gmail.com>

Guys I am having a bit of a problem here.

I have an RSS 2.0 Feed that I am trying to style up with XSL and it is  
not working properly.  It seems that it is not picking up the XSL  
document that I have created.
I finally figured out the problem that was keeping it from picking up  
the XSL document and that is when I put the
<rss version="2.0">
tag into my RSS it set's the mime type to application/xml+xhtml and  
that is what throws things off.

What I need to know is if there is a way to make XSL work while still  
including the <rss> tag.

Thanks,
Joseph Crawford



From chsnyder at gmail.com  Thu Oct 30 09:35:18 2008
From: chsnyder at gmail.com (csnyder)
Date: Thu, 30 Oct 2008 09:35:18 -0400
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <65161666.20081030101506@qualityadvantages.com>
References: <65161666.20081030101506@qualityadvantages.com>
Message-ID: <b76252690810300635x397364c2v6e80cc7e39d0d49e@mail.gmail.com>

On Wed, Oct 29, 2008 at 10:15 PM,  <mikesz at qualityadvantages.com> wrote:

> All of my websites run php forum and CMS software of varying flavors
> so I am not convinced that OpenID is a viable solution to secure them
> against the kinds of attacks I have see recently

OpenID is a means of authentication using a trusted third party. Its
main benefit is to make it easy for users to register for and consume
services at many different sites, without having to use different
passwords at each one. A secondary benefit is that users don't need to
trust the authentication mechanisms of each site they log into, they
only need to trust their OpenID provider.

OpenID is not going to do much of anything to make your sites more
secure, unless your accounts were hijacked because the authentication
process was inherently insecure (it took place over http, or passwords
were stored as plain text, or it is easy to brute-force the login
script).

OpenID doesn't do anything about cross-site-scripting, sql injection,
insecure file uploads, or any of the 999 other ways that clever bad
guys attack poorly written webapps.


Chris Snyder
http://chxor.chxo.com/


From ben at projectskyline.com  Thu Oct 30 11:29:27 2008
From: ben at projectskyline.com (Ben Sgro)
Date: Thu, 30 Oct 2008 11:29:27 -0400
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <65161666.20081030101506@qualityadvantages.com>
References: <65161666.20081030101506@qualityadvantages.com>
Message-ID: <4909D2D7.1040504@projectskyline.com>

Hello Mike,

I think you have your real question here:

Having been recently hacked and several of my webmaster email account
names being hijacked by spammers, I am looking for viable solutions to
safeguard my websites and the membership of these sites.

How about fixing the problem, instead of adding new security measures? 
Please define "hacked"?

Did they guess the passwords to theses accounts - Enforce 
non-standard/dictionary passwords, implement password expiration policies.
Did they brute force an account - lock the account after N failed 
attempts in Y minutes (example: 15 failed logins in 1 minute).
Did they sniff traffic - Require all credentials (and maybe everything) 
be sent over SSL.
Did they sql inject - Bind your params & validate all user input.
Don't let someone send out >N emails in Y minutes (example: 50 emails in 
1 minute) - If you control the front end to the mail, you could add some 
last line of
defense checks into that.

- Ben

mikesz at qualityadvantages.com wrote:
> Hello NYPHP,
>
> Having been recently hacked and several of my webmaster email account
> names being hijacked by spammers, I am looking for viable solutions to
> safeguard my websites and the membership of these sites.
>
> I just ran across some discussion about openID (yes, I have been in a
> cave now for some time, lol) and am skeptical that the primary motivation
> is altruistic like when g$$gle first came on the scene, it too "looked like"
> a good thing for the planet but evolved into the world's biggest $$$ machine
> that is likely, if not already, to make micro$ look like chump change.
>
> I sense rather that OpenID is yet another marketing ploy to rake in
> huge piles of cash rather than provide warmth and security that it
> touts in its hype. Already, I see lots of RED FLAGS about being highly
> susceptible to phishing, like what isn't these days.
>
> All of my websites run php forum and CMS software of varying flavors
> so I am not convinced that OpenID is a viable solution to secure them
> against the kinds of attacks I have see recently and wonder about the
> integrity of a system that claims (from phpMyID):
>
>     * The whole point of OpenID is to allow you to manage your own identity, and phpMyID lets you do that without giving control to a third party.
>     * It's easy to install and easy to configure. Edit just a few lines in your config file, and you're off and running!
>     * Allows "Smart Mode OpenID" (more secure) transactions, even if you don't have a "big math" library available. Seriously, phpMyID comes with a pure-PHP math library which can be used if you want to demand that extra level of security.
>     * Ensures secure password transmission even if you don't have SSL! By using HTTP Digest authentication, phpMyID ensures your password is never sent or stored anywhere in clear or decypherable text.
>
> I would really appreciate an eye opener on this one. It looks like
> more flim flam to me.
>
>   


From mikesz at qualityadvantages.com  Thu Oct 30 11:39:18 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Thu, 30 Oct 2008 23:39:18 +0800
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <4909D2D7.1040504@projectskyline.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
Message-ID: <4510457903.20081030233918@qualityadvantages.com>

Hello Ben,

Thursday, October 30, 2008, 11:29:27 PM, you wrote:

> Hello Mike,

> I think you have your real question here:

> Having been recently hacked and several of my webmaster email account
> names being hijacked by spammers, I am looking for viable solutions to
> safeguard my websites and the membership of these sites.

> How about fixing the problem, instead of adding new security measures?
> Please define "hacked"?

Hacked meaning that they, the badguys managed to ftp a folder full of
porn to one of my subdirectories and its still a mystery how they did
that exactly. The ISP claims they took advantage of an exploit in the
php code but has no data to support that claim thus far. So, I can't
say that the site authorization was compromised with any certainty.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From mikesz at qualityadvantages.com  Thu Oct 30 11:46:35 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Thu, 30 Oct 2008 23:46:35 +0800
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <4909D2D7.1040504@projectskyline.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
Message-ID: <816451340.20081030234635@qualityadvantages.com>

Hello Ben,

Thursday, October 30, 2008, 11:29:27 PM, you wrote:

> Hello Mike,

> I think you have your real question here:

> Having been recently hacked and several of my webmaster email account
> names being hijacked by spammers, I am looking for viable solutions to
> safeguard my websites and the membership of these sites.

> How about fixing the problem, instead of adding new security measures?
> Please define "hacked"?

Sorry, didn't mean to downplay the seriousness of this hack, the
badguys were server 10s or thousands of porn images for several days
before the site ran out of bandwidth and shut down. That was the only
way I discovered that they were there. I had not idea that my site was
being used to distribute the junk before the bandwidth limit killed
the site. Even now, I am getting thousands of requests per hour for the
junk stuff that has been gone for a week.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From rolan at omnistep.com  Thu Oct 30 12:54:31 2008
From: rolan at omnistep.com (Rolan Yang)
Date: Thu, 30 Oct 2008 11:54:31 -0500
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <816451340.20081030234635@qualityadvantages.com>
References: <65161666.20081030101506@qualityadvantages.com>	<4909D2D7.1040504@projectskyline.com>
	<816451340.20081030234635@qualityadvantages.com>
Message-ID: <4909E6C7.6080808@omnistep.com>

mikesz at qualityadvantages.com wrote:
> Sorry, didn't mean to downplay the seriousness of this hack, the
> badguys were server 10s or thousands of porn images for several days
> before the site ran out of bandwidth and shut down. That was the only
> way I discovered that they were there. I had not idea that my site was
> being used to distribute the junk before the bandwidth limit killed
> the site. Even now, I am getting thousands of requests per hour for the
> junk stuff that has been gone for a week.
>
>   
You should redirect all those requests to google adword pages. :)




From jcampbell1 at gmail.com  Thu Oct 30 12:04:02 2008
From: jcampbell1 at gmail.com (John Campbell)
Date: Thu, 30 Oct 2008 12:04:02 -0400
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <4510457903.20081030233918@qualityadvantages.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
	<4510457903.20081030233918@qualityadvantages.com>
Message-ID: <8f0676b40810300904v1fbf60f9x6c7e41eb1357a47b@mail.gmail.com>

>
> Hacked meaning that they, the badguys managed to ftp a folder full of
> porn to one of my subdirectories and its still a mystery how they did
> that exactly. The ISP claims they took advantage of an exploit in the
> php code but has no data to support that claim thus far. So, I can't
> say that the site authorization was compromised with any certainty.
>

How did you figure out that they did it over FTP?  FTP is a pointless
protocol these days... turn it off.

Are you on a shared host?

-John Campbell


From arzala at gmail.com  Fri Oct 31 00:50:59 2008
From: arzala at gmail.com (Anirudhsinh Zala)
Date: Fri, 31 Oct 2008 10:20:59 +0530
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <4909D2D7.1040504@projectskyline.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
Message-ID: <200810311020.59399.arzala@gmail.com>

On Thursday 30 October 2008 20:59:27 Ben Sgro wrote:
> Hello Mike,
>
> I think you have your real question here:
>
> Having been recently hacked and several of my webmaster email account
> names being hijacked by spammers, I am looking for viable solutions to
> safeguard my websites and the membership of these sites.
>
> How about fixing the problem, instead of adding new security measures?
> Please define "hacked"?
>
> Did they guess the passwords to theses accounts - Enforce
> non-standard/dictionary passwords, implement password expiration policies.
> Did they brute force an account - lock the account after N failed
> attempts in Y minutes (example: 15 failed logins in 1 minute).
> Did they sniff traffic - Require all credentials (and maybe everything)
> be sent over SSL.
> Did they sql inject - Bind your params & validate all user input.
> Don't let someone send out >N emails in Y minutes (example: 50 emails in
> 1 minute) - If you control the front end to the mail, you could add some
> last line of
> defense checks into that.

+1 to this. Prevention is better than cure.

Anirudh Zala

>
> - Ben
>
> mikesz at qualityadvantages.com wrote:
> > Hello NYPHP,
> >
> > Having been recently hacked and several of my webmaster email account
> > names being hijacked by spammers, I am looking for viable solutions to
> > safeguard my websites and the membership of these sites.
> >
> > I just ran across some discussion about openID (yes, I have been in a
> > cave now for some time, lol) and am skeptical that the primary motivation
> > is altruistic like when g$$gle first came on the scene, it too "looked
> > like" a good thing for the planet but evolved into the world's biggest
> > $$$ machine that is likely, if not already, to make micro$ look like
> > chump change.
> >
> > I sense rather that OpenID is yet another marketing ploy to rake in
> > huge piles of cash rather than provide warmth and security that it
> > touts in its hype. Already, I see lots of RED FLAGS about being highly
> > susceptible to phishing, like what isn't these days.
> >
> > All of my websites run php forum and CMS software of varying flavors
> > so I am not convinced that OpenID is a viable solution to secure them
> > against the kinds of attacks I have see recently and wonder about the
> > integrity of a system that claims (from phpMyID):
> >
> >     * The whole point of OpenID is to allow you to manage your own
> > identity, and phpMyID lets you do that without giving control to a third
> > party. * It's easy to install and easy to configure. Edit just a few
> > lines in your config file, and you're off and running! * Allows "Smart
> > Mode OpenID" (more secure) transactions, even if you don't have a "big
> > math" library available. Seriously, phpMyID comes with a pure-PHP math
> > library which can be used if you want to demand that extra level of
> > security. * Ensures secure password transmission even if you don't have
> > SSL! By using HTTP Digest authentication, phpMyID ensures your password
> > is never sent or stored anywhere in clear or decypherable text.
> >
> > I would really appreciate an eye opener on this one. It looks like
> > more flim flam to me.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php




From arzala at gmail.com  Fri Oct 31 00:51:44 2008
From: arzala at gmail.com (Anirudhsinh Zala)
Date: Fri, 31 Oct 2008 10:21:44 +0530
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <4510457903.20081030233918@qualityadvantages.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
	<4510457903.20081030233918@qualityadvantages.com>
Message-ID: <200810311021.44184.arzala@gmail.com>

On Thursday 30 October 2008 21:09:18 mikesz at qualityadvantages.com wrote:
> Hello Ben,
>
> Thursday, October 30, 2008, 11:29:27 PM, you wrote:
> > Hello Mike,
> >
> > I think you have your real question here:
> >
> > Having been recently hacked and several of my webmaster email account
> > names being hijacked by spammers, I am looking for viable solutions to
> > safeguard my websites and the membership of these sites.
> >
> > How about fixing the problem, instead of adding new security measures?
> > Please define "hacked"?
>
> Hacked meaning that they, the badguys managed to ftp a folder full of
> porn to one of my subdirectories and its still a mystery how they did
> that exactly. The ISP claims they took advantage of an exploit in the
> php code but has no data to support that claim thus far. So, I can't
> say that the site authorization was compromised with any certainty.

To me, this seems manipulation of URL/s on your website that has file 
uploading feature.


From mikesz at qualityadvantages.com  Fri Oct 31 01:31:46 2008
From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com)
Date: Fri, 31 Oct 2008 13:31:46 +0800
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <200810311021.44184.arzala@gmail.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
	<4510457903.20081030233918@qualityadvantages.com>
	<200810311021.44184.arzala@gmail.com>
Message-ID: <215957242.20081031133146@qualityadvantages.com>

Hello Anirudhsinh,

Friday, October 31, 2008, 12:51:44 PM, you wrote:

> On Thursday 30 October 2008 21:09:18 mikesz at qualityadvantages.com wrote:
>> Hello Ben,
>>
>> Thursday, October 30, 2008, 11:29:27 PM, you wrote:
>> > Hello Mike,
>> >
>> > I think you have your real question here:
>> >
>> > Having been recently hacked and several of my webmaster email account
>> > names being hijacked by spammers, I am looking for viable solutions to
>> > safeguard my websites and the membership of these sites.
>> >
>> > How about fixing the problem, instead of adding new security measures?
>> > Please define "hacked"?
>>
>> Hacked meaning that they, the badguys managed to ftp a folder full of
>> porn to one of my subdirectories and its still a mystery how they did
>> that exactly. The ISP claims they took advantage of an exploit in the
>> php code but has no data to support that claim thus far. So, I can't
>> say that the site authorization was compromised with any certainty.

> To me, this seems manipulation of URL/s on your website that has file 
> uploading feature.
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3571 (20081030) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com


That was essentially what the assumption was by the ISP, they think
that the hacker got in using one of the folders that is required to be
"writable" by the script for stuff like image processing and they
speculated that having gotten in, they simply uploaded their junk to
an obscure folder that contained a single php file. My problem with
that theory is that they can not produce the hack that let them into
the system, like I would normally see something like this in my
logifles - /inc/design.inc.php?dir[inc]=http://www.etc

Hackers try to use this technique on some of my site all the time but
I have plugged that hole and have the script send me an email when
they attempt to piggyback the url. I didn't get one for the hack that
got executed to load the porn onto my site so its still a matter of
speculation about how it actually got accomplished. No new exploits
have been reported against this software either for that matter. I am
reasonably certain that my site isn't the only one that has been
hijacked by porno peddlers but I can only find references to my site
when I do searches for keywords the badguys are using.

I do think it might have been a URL manipulation in spite of the fact
that I don't have a log entry to confirm it.

thanks for the reply.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com



From chsnyder at gmail.com  Fri Oct 31 09:12:19 2008
From: chsnyder at gmail.com (csnyder)
Date: Fri, 31 Oct 2008 09:12:19 -0400
Subject: [nycphp-talk] OpenID is what?
In-Reply-To: <215957242.20081031133146@qualityadvantages.com>
References: <65161666.20081030101506@qualityadvantages.com>
	<4909D2D7.1040504@projectskyline.com>
	<4510457903.20081030233918@qualityadvantages.com>
	<200810311021.44184.arzala@gmail.com>
	<215957242.20081031133146@qualityadvantages.com>
Message-ID: <b76252690810310612g671c7d0ete864f5f8f481467@mail.gmail.com>

On Fri, Oct 31, 2008 at 1:31 AM,  <mikesz at qualityadvantages.com> wrote:

> That was essentially what the assumption was by the ISP, they think
> that the hacker got in using one of the folders that is required to be
> "writable" by the script for stuff like image processing and they
> speculated that having gotten in, they simply uploaded their junk to
> an obscure folder that contained a single php file. My problem with
> that theory is that they can not produce the hack that let them into
> the system, like I would normally see something like this in my
> logifles - /inc/design.inc.php?dir[inc]=http://www.etc

So the directory is writable by the script... what user does the script run as?

Are there other accounts on the server that can also execute scripts
as that user? If so, the access would be in their logs, not yours.


From lists at zaunere.com  Fri Oct 31 16:50:04 2008
From: lists at zaunere.com (Hans Zaunere)
Date: Fri, 31 Oct 2008 16:50:04 -0400
Subject: [nycphp-talk] 15% Discount on Packt
Message-ID: <01de01c93b9a$4086d3b0$c1947b10$@com>

Hello all, here's a little Halloween Treat, without the trick.

Happy Halloween...

H


> The promotional code for your user group is: nyphpug. All the user
> group members can use this code to avail 15% discount on all Packt
> products. In order to get the discount, you need to follow these steps:
> 
> 1.) Visit http://www.packtpub.com/books
> 
> 2.) Click the "ADD TO CART" button to add any book to your shopping
> cart.
> 
> 3.) Now enter " " (without quotes) in the 'Promotional Code' field and
> click "Update" button.  The discounted price should now be reflected in
> your order.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: PacktLogo.png
Type: image/png
Size: 3937 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081031/e0954dfa/attachment.png>