Recently I purchased a Tenvis IP391W-HD camera.
I would be unlikely to recommend it. The price is certainly right and the picture quality is quite good. The Android and iPhone apps do work to watch the stream live.
However, the interface is terrible and almost useless without Internet Explorer. There is an RTSP stream (rtsp://admin:password@ip) which VLC seems able to handle, but not mplayer. The recording format (.h264) is not viewable by VLC or mplayer and all I could find is a Windows .exe to convert them to an .avi.
The motion detection gets troubled by the dark. It would really only be useful for something permanently well-lit. It did send me emails via gmail.
I have got it recording to an NFS server, but I don't have a lot of confidence in the reliability of it. I think I have it configured to record in 3600-second blocks (given the interface, it's hard to tell if I've set it up to the network, or to the internal flash, etc), but it seems to intersperse 60 minute recordings with random small recordings. Given the whole idea of a security camera is to record the unexpected, you want a lot of confidence you're actually recording, which you don't get with this. You can see below it recorded 3 hour blocks, then started going a little crazy...
-rw-r--r-- 1 nobody nogroup 69M Mar 11 01:25 0-003035.v264
-rw-r--r-- 1 nobody nogroup 69M Mar 11 02:25 0-013049.v264
-rw-r--r-- 1 nobody nogroup 69M Mar 11 03:26 0-023103.v264
-rw-r--r-- 1 nobody nogroup 5.9M Mar 11 03:31 0-033117.v264
-rw-r--r-- 1 nobody nogroup 1.5M Mar 11 03:40 0-034350.v264
-rw-r--r-- 1 nobody nogroup 17M Mar 11 04:02 0-035259.v264
-rw-r--r-- 1 nobody nogroup 306K Mar 11 04:10 0-041548.v264
-rw-r--r-- 1 nobody nogroup 4.9M Mar 11 04:23 0-042457.v264
There is a support forum, where I found the following files scattered in various posts. From what I can tell, they are the latest as of this writing. I can confirm they work with my IP391W-HD, which the system tells me is GM8126 hardware and came with firmware 22.214.171.124.
- 126.96.36.199.pk2 - firmware (b56f211a569fb03a37d13b706c660dcb)
- web.pk2 - a UI update that includes dropbox support. This is really for the model that has pan and tilt, so those buttons don't work. (0e42e42bd6f8034e87dcd443dcc3594d)
- V264ToAVIen.exe - converts the output to an AVI file that mplayer will play (with some complaints) (9c5a858aa454fed4a0186cf244c0d234)
www.modern.ie offers free limited-time Windows VMs which will work to upload this firmware. Just make sure you use a bridged network in the VM; I'm guessing the firmware ActiveX control tells the camera to TFTP the data from it, which doesn't work via NAT.
Somewhat worryingly, you can telnet to it and get a login prompt (TASTECH login). So it has a built-in backdoor you can't disable.
There have been some efforts to hack the device. email@example.com did an excellent job reverse engineering the .pk2 format and writing tenvis_pack.c (no license, I'm generously assuming public domain). I used this to recreate the firmware above with a telnet daemon listening with a shell on port 2525 (no password, just telnet to it).
- 188.8.131.52-telnet.pk2 (19cf63ca8f0928af8ef5a9eb8326aae6)
It's interesting to poke around, but it seems like the whole thing is really driven by a binary called ipc8126
/ # ipc8126 --help
*** TAS-Tech IPCAM/DVS
*** Version: 184.108.40.206
*** Release date: 2013-08-05 15:48:32
In general, I'd say hackability is quite low.
Warning: any of the above might turn your camera into a paperweight. It worked for me, but that's all I can say...
This is the 8th installment in the rather long series that started with Part 1 about a month ago.
Back in 2006, we were in the situation where MySQL 5.0 had taken forever, and the first “GA” release was not suitable for production. Looking towards MySQL 5.1, it was also unlikely to be out any time soon. The MySQL Cluster team had customers that needed new features in a stable release. The majority of users didn’t use the MySQL server at all, they directly used the C++ NDB API for the vast majority of queries – so the vast majority of release blocker bugs in the MySQL server would not affect the production readiness of MySQL Cluster for these customers.
So, the decision was wisely made to do separate releases from a separate tree for MySQL Cluster. This was named MySQL Cluster: Carrier Grade Edition and exists to this day.
The main use case for MySQL Cluster at this time was running telephone networks, specifically the Home Location Registry databases of GSM phone networks. Basically, you need to keep a database of which tower each subscriber is associated with so when you go to make a phone call (or SMS) the network can properly route the call. This means there are some realtime response requirements and hardcore availability, which demands a special type of database.
NDB has a long history (some of it detailed in a previous post), but for those kind of interested in internals, I’ll quote Frazer Clement (now a long time MySQL Cluster developer although I completely forget which year he joined the team, which is just slightly embarrassing):
…Erlang and Ndb Cluster share some Plex heritage, which can still be seen in their architectures today. Since Plex, Erlang has mated with Prolog, and Ndb Cluster was involved in a car crash with C++.
The customers for MySQL Cluster were not the ones who bought the $5000 support option… Typically, paying for the addition of a relatively major feature was considered quite okay and even “normal”. After all, the effort that goes into constructing the entire software stack of a large cell phone network is rather large, and MySQL Cluster would end up being a very small part of that.
Many major features went into MySQL Cluster first, sometimes years before they made the general MySQL Server: row based replication, circular replication with conflict resolution and online DDL (add/drop index and column). In fact, it kind of incredibly frustrates me that we solved online add column in NDB so many years ago and you still can’t add a column to an InnoDB table without some serious planning.
The key thing about MySQL Cluster releases? They happened. They were also regular, addressing customer issues and new major versions brought features that worked for the use cases of those who needed them.
Interestingly enough, you may recognize the person who ran the MySQL Cluster team as the same person who has overseen the now regular release cycle of the MySQL Server itself (and has now been in the MySQL world for over ten years).
Ever since @font-face was introduced, our web font choices have grown tremendously each year. Web font trend data can help us make sense of all those new choices—and give insight into which typefaces are working well on the web, and which might even be overused. Let’s explore where we can find data on what’s popular now, and how we can use that information.
Google Fonts
The most popular Google fonts can be sorted by total views. The drastic difference in pageviews of Open Sans is quite impressive: it’s viewed more than three times as often as any other font. Here are Google’s dominant three for the last 30 days:
- Open Sans
The Fonts.com blog updates monthly with its list of most-popular fonts. Trade Gothic was its top family for February 2014, moving up from the number two spot a year ago. Over the last year, Avenir Next has grown in popularity, while Din Next has declined. Fonts.com’s top three in February were:
- Trade Gothic
- Avenir Next
- Neue Helvetica
Filtering by “Webfont” and sorting by “Popularity” will yield us Font Squirrel’s most popular for @font-face embedding. Its top three:
- Open Sans
Typekit doesn’t share the most popular fonts by view, but by most favorited. When it released the favoriting functionality in 2011, Adelle was the most adored, but has since dropped down a spot. Futura PT was number two and is now number five. Typekit’s most favorited three are:
- Museo Sans
- Proxima Nova
Want to look at the most popular serif, sans-serif, or script? You can do that at Font Deck, along with sorting all font families by popularity. Its top three overall:
- Proxima Nova
All fonts on FontSpring have web licenses available. Whether its list of popular fonts takes that into consideration is a bit unclear, but we see some common font friends that we’ve seen before. Its bestselling in the last 30 days:
- Proxima Nova
- Museo Sans
Webtype has a nice advanced filtering section, including an “intended size” filter for finding your perfect small or large type sizes. Changing the default filtering from “Most Recent” to “Popularity” gives us these leaders:
- Gill Sans
- Benton Sans
There are plenty of other choices for serving or downloading web fonts from, but you can see with a bit of digging, we can learn a lot about what’s been working well for others.
Using the data
How can we put this information to work? Here are some examples from my own experience.
I worked on a website in which using any paid third-party services was prohibited, but the team was hesitant to use free web fonts because appearing professional was critical. Looking at how popular the sans-serif fonts Open Sans, PT Sans, and Source Sans were on Google Fonts gave us the confidence to use one of those in production.
Another project started with the use of Futura, a font that is common to these popular lists and had been used in a few of my recent projects. I wanted to try something new, so I used those same lists for inspiration and tried out some of the fonts a little further down in the popularity numbers, and it helped refresh the design.
There’s no one way to look at this data, though. Maybe the top fonts are popular because they have fabulous font hinting, or maybe because they’ve been used on influential sites. It’s up to you to interpret the trends in the context of your project’s needs and goals—but watching them can help inform your next font choices.
I got up not as early as I'd have liked, and did the first 10km run I've done for a while, with my new shoes and the orthotics in them. It was a bit cooler, and despite not being particularly well hydrated, I lasted the distance, and managed to complete it in under an hour. I'm a long way off my best time at the moment, but I'm hoping as it cools down my running fitness will improve.
I ended up doing a bunch of startup-related stuff today, instead of Debian stuff. It felt good to make some vaguely forward progress, even if it was just business operations planning stuff.
I picked up Zoe from Kindergarten by bike. We'd both confirmed with her several times since Friday as to which mode of transport she wanted to use to come home, and she'd indicated the bike.
Zoe was asleep as usual, but woke up pretty easily. The Kindergarten has indicated that they want everyone out of the centre by 2:30pm, which makes it a bit of a challenge to rouse a deeply sleeping child and exit the centre in 10 minutes. I managed to sunscreen her while she was still horizontal, so that sped things up, and it helped greatly that she didn't have a post-nap meltdown.
One of her classmates and her mother were hanging around waiting for her big brother to finish school, and the bike trailer tends to be a good conversation starter, so we chatted for a little bit before leaving. It was nice to properly meet another parent, and I'm glad to see Zoe's started learning some of her classmates' names.
I had a kale, carrot and apple juice for lunch today, and as I hate wasting the pulp out of the juicer, I'd previously found a nice muffin recipe that I could use the kale and carrot pulp in. I'd previously baked a batch of mini muffins for Zoe's lunches, and was pleased that she liked them. We were getting a bit low, so I thought we'd bake another batch this afternoon, so that's what we did after we got home.
Once they were in the oven, Zoe went off to watch TV and I made a start on dinner.
Bedtime went nice and smoothly tonight.
Digging through piles of old stuff in the house, I came across a nice little artifact of MySQL history, an old business card. One benefit of a small company is that you can tend to get your first name @company.com, which of course, I had.
I've walked this trail "around the block" through the dense pine and eucalypt plantations many times before but it was only yesterday that a shape embedded in a pine plantation caught my eye:
Whoever had planted this particular plantation had just left the old shed where it was and planted the plantation around it. How had I missed this before?
So I headed in for a closer look and the tin on the roof was much younger than the shed itself.
After crunching my way across the moss and pine needle carpeted forest floor, this spooky scene greeted me as I stepped gingerly inside the shed:
Admittedly the lack of evidence of satanic ritual was an anti-climax but I enjoyed the find nonetheless.
I really need to sit down and do some research on Linux System Hardening, as I really want to take a look at any kernel hardening that can be done on the system, i.e. I don’t want users to be able to see who else is on the machine via the output of commands like ‘w’ and ‘who’. I remember grsecurity used to be available to do this, so I should look around to see if this is still valid or whether we now do it another way.
I did find the following web post about SSH hardening which I enjoyed reading here.
If you’ve done Linux System Hardening recently, chime in on the comments with your experience.
- Two Sentences That Will Get Your Kids To Tell The Truth http://t.co/iEJNpKrVyw 22:59:02, 2014-03-09
- The new reality http://t.co/AIEdt5RBBx #auspol http://t.co/fGN6JDg2AR 20:42:01, 2014-03-09
- @MIKEBALLARD4 @Subdo2 it’s not my fault that they can’t spell in reply to MIKEBALLARD4 20:40:06, 2014-03-09
- Under Howard, cost of living rose by 2.8% annually. Under Labour, it was only 1.6%. http://t.co/9Z8lVuCIkV #auspol http://t.co/REuRSZeBTZ 19:32:08, 2014-03-09
- Gina Rinehart wants Australian Thatcherism, but do we want to become northern England? http://t.co/GPgbMCNXs4 #auspol http://t.co/Sm4Hke1Gb4 17:27:01, 2014-03-09
- Santos CSG project contaminates aquifer, only fined $1500 http://t.co/Vi6P9M9Tzs #auspol 19:32:04, 2014-03-08
- When in doubt, do the opposite of what America (or Australia) does #auspol http://t.co/Qw14TJycgX 17:27:02, 2014-03-08
- RT @GuardianAus: Constitutional crisis: Australia’s dirty fingerprints are all over Nauru’s system | Ben Saul http://t.co/Loi2lufB2u 17:17:10, 2014-03-08
- @T1SydneyTrains I’m sitting in a “quiet carriage” that is not at all quiet. What’s the point? 17:13:15, 2014-03-08
- Abbott’s Direct Action farce exposed by the CSIRO http://t.co/KLs1KXBdCu #auspol 22:59:07, 2014-03-07
- Why My School should be scrapped http://t.co/VNzsfjVB1e 20:42:07, 2014-03-07
- I agree with Gina Rinehart: welfare for corporates and billionaires is unsustainable http://t.co/lvPlVj4h8s #auspol 19:32:14, 2014-03-07
- Apple pays $193m tax in Australia on $27b revenue http://t.co/aGnuhj80xh 17:27:03, 2014-03-07
- Queensland LNP govt wants to restrict who can vote in elections http://t.co/Ilc6W36E70 #auspol 15:33:00, 2014-03-07
- Senator Ludlam welcomes Tony Abbott to WA — great speech! http://t.co/w7KKujCtZw #auspol 13:19:02, 2014-03-07
- What do we know about the pressure of NAPLAN testing? Insights from The Whitlam Institute at UWS. http://t.co/Dd35JXac6K 22:59:09, 2014-03-06
- The School for Social Entrepreneurs Australia has launched a free fundraising guide for social enterprises and NFPs http://t.co/rZZ1hJyqjr 20:42:06, 2014-03-06
- Abbott govt ordered to cease spying on East Timor by International Court of Justice http://t.co/fN6Ga2TWH2 #auspol 19:32:06, 2014-03-06
- The “age of entitlement” isn’t over for Apple http://t.co/6PkDpSJofs #auspol 17:27:00, 2014-03-06
- Great Barrier Reef faced with irreversible damage http://t.co/8AOf4dTpcR #auspol 15:33:04, 2014-03-06
This could get interesting, the National Court of PNG has invoked a section of the PNG Constitution that permits it to investigate possible breaches of basic rights on its own initiative.
The National Court, having taken judicial notice of the alleged detention at the regional processing centre at Lombrum Naval Base, Manus Province, of a considerable number of persons seeking refugee status or asylum in Australia, who have been transferred to Manus pursuant to memoranda of agreement between the Governments of Papua New Guinea and Australia, known generally as “asylum seekers” or “transferees”, and reports of alleged human rights violations and complaints about the conditions of detention and disturbances resulting in injuries to such persons, decided on its own initiative to inquire into such matters by invoking Section 57(1) of the Constitution.
The full opening statement by Justice Cannings is currently on Scribd, but Justice Cannings makes it clear that the intention is to visit the detention centre and talk to refugees:
The third stage of the hearing I anticipate will be in Lorengau, in the week commencing Monday 10 March. Evidence will be received at this hearing. The Court will inspect the regional processing centre. Transferees will be invited to give evidence. It is anticipated that this process will take at least three days.
The questions that he has set are:
- What human rights do the transferees have under the Constitution, if any?
- Have those rights, if any, been or are they now being, administered to them?
- If not, what orders and declarations should the Court make to protect and enforce those rights?
I suspect that the first one is the real substantial question, my guess is that if the court finds that they do have human rights then the rest will flow pretty simply from that. You can read the PNG Constitution online as a PDF.
Hat tip to Humanitarian Research Partners for mentioning this on Twitter (see below).
— HRP (@HRP_org) March 9, 2014
This item originally posted here:
National Court of PNG Opens Inquiry Into Treatment of Refugees
Zoe wound up in my bed at some ungodly hour, but then we both slept in until 7am, which was nice.
Mum and Dad were coming around at 8:30am to come watch Zoe's Brazilian Jiu-Jitsu class, so we got up, made some porridge in the Thermomix and got ready.
Zoe decided she didn't feel like going to BJJ class by bike, so we all piled into our car and drove over. Zoe had a good class, and Mum took her uniform home afterwards to take up the legs a bit, which will be good.
They stayed for lunch, and we reviewed photos from our Coochie and Melbourne trips, and I made some fresh guacamole in Thermomix to go with the chicken quesadillas I made for lunch.
After lunch they went home, and Zoe declined to take a nap, so we read some stories in the hammock, and then we did our Science Friday experiment, one that was suggested to me by a friend on Facebook.
It was nice and easy, just put some milk in a tray, drop in a few drops of food colouring and then touch them with a cotton bud soaked in detergent. The detergent breaks up the fat in the milk and the colour drops go flying all over the place. Zoe really enjoyed swirling all the colours around with the cotton buds and we repeated the experiment a few times. She then wanted to see what would happen if we put some glue in, so wanting to encourage her scientific curiosity, we tried it, and nothing interesting happened.
Zoe had a play date at her friend Mackensie's house, which was just down the road in Balmoral. We biked over to her place and the girls had a lovely afternoon playing. Sarah came and picked up Zoe from there.
I dropped in on some former neighbours who happened to move two doors down from Mackensie, and had just had a second child, and then headed home to prepare for a dinner and board game night with my girlfriend and some of my neighbours.
Today my step dad and I fixed a problem I discovered after the new pergola slab went in. Days after the area was cleared, I noticed a lot of water near the tap and thought my wife must have overwatered the lawn.
After the slab was done it was more noticeable when the pergola installer cut the downpipe, i.e. no water came out of the live pipes, which should contain water since they go to a tank. I thought the collar (reducer from 90mm to 100mm pipe) had come off, as it had once before.
We cut out the pipe, and when we put a torch down the water was actually below the point of the collars, which meant the leak was lower.
Dug out the side to access the pipe and I immediately spotted the problem. It appears the 45 degree elbow that was under the concrete slab must have been knocked during excavation of the slab area, I imagine, and this split it on the inside of the elbow. It was so split that it was nearly around the whole pipe diameter. It had also caused some soil to erode around it. Every time it rained, the system would need to load up, and post rain the system would unload all that water out of this split. No wonder the ground was so wet post rain.
Didn’t take any pictures of the split, as I was too covered in mud to get a camera. However, I did capture the picture below showing our fix; as you can see, not a bad job. Loaded up the downpipes and no leaks. So win for us.
Now I can get on to the next jobs around the house and yard. So much still to do. Will continue to take pictures. Have another low spot where I am going to lay a surface drain and some arg line/pipe to help stop the area from pooling with water (where the trampoline used to be).
I previously wrote about the idea of a Basic Income for Australia; that post was mainly to show how it could be introduced with little real change. That is not because I don’t think that we need real changes, but because we should consider the various changes separately as much as possible.
In terms of how society works I think that we need to move from the current model where most people are expected to work most of the time and the people who don’t work are treated badly to encourage them to work for low wages. I think that we should aim as a society to have less time spent doing paid work which means more people working part time (maybe 6 months a year, 3 or 4 days a week, or other ways of doing less than 40 hours a week * ~45 weeks) and more people who aren’t doing paid work.
The idea of 100% employment is the cause of many jokes about the Soviet Union. I don’t know how much truth is behind the jokes about needless work being done to fulfill Soviet plans, but regardless of the accuracy I think we should take such things as an idea of what not to do in our society. The Broken Window Fallacy is an example of the Soviet production problem in supposedly capitalist societies.
Here are some of my ideas for decreasing the amount of needless work without decreasing anyone’s quality of life – in fact most of these make things better for most people.
The War on Drugs
The easiest way to reduce needless employees is to end the “war on drugs”. During the course of the “war” the drug use has steadily increased and the amount of law enforcement energy devoted to it has also increased. Some estimates claim that 50% of law enforcement is devoted to it. Also some of the hospital budget is related to drug use.
I think that we should allow adults to consume any “drug” that they wish (not just tobacco, alcohol, caffeine, and other popular drugs) and apply the same laws regarding product quality to all of them. That will reduce the violence related to drugs, reduce the health impact (it’s usually poor quality control that causes medical problems), and allow law enforcement to concentrate on crimes that hurt other people.
Treating drug addiction as a medical problem has been shown to be the most effective way of reducing drug use, reducing violent crime, and reducing the health impact of drug use.
Other Crime Issues
Gary Slutkin’s TED talk about treating violence as a contagious disease has some interesting ideas for reducing violence in the community. Implementing those ideas on a wide scale seems to have the potential for reducing law enforcement and medical work.
Generally I think we should aim to have as few laws as possible. Whenever adults want to do things that don’t hurt other people they should be permitted to do so. There should also be an aim for laws to be consistent and easy to understand. Ideally there would be a single database with all laws in some form of hypertext (maybe some type of Wiki) so that any citizen can discover all implications of the laws that affect them.
Health
More money should be spent on preventing people getting sick. One problem we have in recent times is silly people refusing to get their children vaccinated because they take medical advice from a playboy model instead of doctors. I think that as a society we need to do more to protect children from stupid things that their parents do and that reducing the amount of medical work is the least of the reasons for doing so.
Another problem is the quality of food. The big supermarket chains are pushing prices down which reduces food quality. The excessive use of antibiotics is a serious threat to world health that is driven by the low price of meat.
Robots
Rodney Brooks gave an interesting TED talk about robotics. He showed how robots can be programmed/trained and talked about the factory workers who want their children to do anything other than factory work. Work that can be done by robots should be done by robots so that people can do better things.
Travel
One problem that we have in Australia is rent-seeking companies being permitted to establish toll roads. To make such toll roads profitable (which is guaranteed by corrupt politicians) they close roads that might be used to bypass the toll roads. This creates needless traffic congestion (wasted work time driving). Also running toll roads involves employing people to collect the tolls and take legal action against people who don’t pay. I believe that toll roads shouldn’t exist, this will reduce the number of needless workers and make everything more efficient. Also as a matter of principle I believe that the government should own and control every monopoly in the country.
Currently in Australia most adults own cars, this involves a lot of work in car maintenance. Even when not being used a car needs to be maintained for safety. When people drive to work instead of using public transport their travel time counts as work. While time spent on a train, tram, or bus isn’t leisure time it’s a lesser degree of work than driving a car. You can read a book, play phone games, or do other recreational activities when on public transport.
Car sharing companies are taking off in urban areas, this allows some people to avoid owning a car and some families to own fewer cars. We also need more government investment in public transport including more routes, greater passenger capacity, and more service late at night.
We also need to encourage companies not to have employees working from 9 to 5 to reduce the peak demand for public transport. A short term tax incentive would do some good in this regard, if companies were to encourage their employees to work different hours for a year then it might change the norms for work enough to permanently break the 9-5 concept.
I believe that all land-based mass public transport (buses, trams, and trains) should be free. That would remove the need to pay people to collect fares and fine people who don’t have tickets, and also remove the work time involved in buying tickets. Not requiring tickets would also decrease the time needed to get on and off public transport which would improve the speed of public transport and reduce disruption to traffic. One simulation of traffic in New York City showed that collecting fares on buses slowed down traffic enough to impose costs on all workers that were greater than the fares collected – so it would be cheaper overall for people in NYC to have free buses paid by the government. I don’t think that Melbourne has congestion similar to NYC and even Sydney might not have the same economic issues. But I still think that we should have free transport for the convenience of everyone.
Google has been doing some interesting research into cars that are driven by computer, their prototypes have been shown to work well in practice but have not been approved for real use. Trains and trams are easier to drive because there is no steering so it seems that they would be good options for the first implementation of computer driven public transport. Robot trams would allow more regular service late at night and thus make the network more useful.
Stop Buying Rubbish
A significant waste of resources is the commercial events of Christmas, Valentine’s day, and Easter. A lot of marketing money is spent to encourage people to buy rubbish for other people in celebration of such events. I think that Christmas presents for children are a good thing and that even the trivial things (crackers and party hats) are OK, but adults don’t need it. Valentine’s day is OK for people who are in relationships, but coercing single people to rush to find someone so that they aren’t single on that day is bad for everyone. Most Easter and Valentine’s chocolate is rubbish, cheap and nasty chocolate in fancy wrappings. Buy a small quantity of good chocolate instead of a large quantity of rubbish.
There’s a big market for knick-nacks for adults outside of those holidays too. Stands at trade shows usually give away junk to delegates, some of it has enough value to be taken home but really it’s mostly rubbish. If you can’t sell your stuff without giving away freebies then giving away plastic toys or cheap chocolate isn’t going to make it sell.
Any Other Ideas?
Does anyone have other ideas about how to reduce the amount of work required to sustain our society? Suggestions for improvements that suit other countries are welcome too, while I’m mostly thinking about Australia while writing this I’m interested in ways of making things better all around the world.
-  http://etbe.coker.com.au/2013/12/08/basic-income-australia/
-  http://tinyurl.com/kqevxtx
-  http://tinyurl.com/k4t34yj
If you’re running a version of the ALA pattern library that’s more than a few weeks old on a public server, please update it right away. The script that powers the navigation in the pattern library was found to have a pretty glaring security issue that would potentially allow read access to any file on a public webserver, even outside of the web root. If you’re running the pattern library locally there’s nothing to worry about—but you should pull the latest from the repository just the same.
To view the patterns in isolation, a small PHP script checks for a path variable in the URL then uses include() to pull a snippet of code on the page. If that variable isn’t present, all the patterns are rendered instead.
Unfortunately, where this pattern library script had really only been used on internal projects, it operated on a certain level of trust—whatever was passed in that path variable would be included on the page, without restriction or filtering. This meant that a path pointing outside of the pattern library root—or even the web server’s public root—could be rendered on a public page. Permissions settings aside, this meant the potential for public access to any file on a server hosting the pattern library.
This issue has since been resolved, and any inputs thoroughly sanitized. We’re now ensuring that special characters are escaped, that the path variable can’t point to any parent directory, and that the file being included has an .html extension.
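The three checks listed above, sketched as an added example (this is not the pattern library's actual code): a required .html extension, no path that leaves the pattern directory, and a realpath() containment test that also catches symlinks. It rejects unexpected characters with an allow-list rather than escaping them; the function name resolve_pattern(), the directory layout and the sample requests are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added illustration, not the ALA pattern library's own code.
// Assumed names: resolve_pattern(), the demo directory layout, the sample requests.
//
// The behaviour the post describes is an unfiltered include of a URL variable,
// along the lines of:  include $_GET['path'];
// which renders any file the web server user can read.

/**
 * Map a requested pattern name to a file under $root.
 * Returns the canonical absolute path, or null when the request is rejected.
 */
function resolve_pattern(string $requested, string $root): ?string
{
    // 1. Allow-list the characters and require the .html extension.
    //    Dots are only permitted in the final ".html", so "." and ".."
    //    segments, NUL bytes and backslashes never get past this point.
    if (!preg_match('#\A[A-Za-z0-9_/-]+\.html\z#', $requested)) {
        return null;
    }

    // 2. Relative paths only, with no empty segments ("/x.html", "a//b.html").
    foreach (explode('/', $requested) as $segment) {
        if ($segment === '') {
            return null;
        }
    }

    // 3. Canonicalise both paths and require the file to sit inside the root.
    //    realpath() resolves symlinks, so a link pointing out of the pattern
    //    directory is rejected as well. It returns false for missing files.
    $rootReal = realpath($root);
    $fileReal = realpath($root . '/' . $requested);
    if ($rootReal === false || $fileReal === false || !is_file($fileReal)) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($fileReal, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $fileReal;
}

// --- Constructed demo data: a throwaway pattern directory and sample requests ---
$base = sys_get_temp_dir() . '/pattern_demo_' . getmypid();
$root = $base . '/patterns';
mkdir($root . '/forms', 0700, true);
file_put_contents($root . '/forms/button.html', "<button>OK</button>\n");
file_put_contents($base . '/outside.html', "outside the pattern root\n");
symlink($base . '/outside.html', $root . '/forms/link.html');

$requests = [
    'forms/button.html',        // legitimate pattern
    '../outside.html',          // parent directory reference
    'forms/../../outside.html', // parent reference hidden mid-path
    '/outside.html',            // absolute path
    'forms/button.php',         // wrong extension
    "forms/button.html\0.php",  // embedded NUL byte
    'forms/link.html',          // symlink that leaves the root
    'forms/missing.html',       // no such file
];
foreach ($requests as $request) {
    $file = resolve_pattern($request, $root);
    printf(
        "%-34s %s\n",
        json_encode($request, JSON_UNESCAPED_SLASHES),
        $file === null ? 'rejected' : 'served'
    );
}

// Clean up the demo files.
unlink($root . '/forms/link.html');
unlink($root . '/forms/button.html');
unlink($base . '/outside.html');
rmdir($root . '/forms');
rmdir($root);
rmdir($base);
```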
In terms of lines of code, this was a very small issue—resolved in about fifteen minutes, if even that. In terms of security impact, it meant largely unrestricted access to any file on any public-facing server that hosted the pattern library—a serious issue.
The lesson here is to always sanitize your inputs—even in code that isn’t meant to be released to the public, just in case.
Thanks to @linssen for pointing the issue out to us.
VPAC Training Room, 110 Victoria Street, Carlton South
Link: http://luv.asn.au/meetings/map
An introduction to Drupal, by Daniel Jitnah.
Linux Users of Victoria Inc., is an incorporated association, registration number A0040056C.
March 15, 2014 - 12:30
There should be little doubt that the future of computing is a multicore future. If nothing else, the clock speed/heat trade-off provides a fundamental hardware tendency. But as is well recognised, parallel programming is not the easiest task in the world, hence the importance of teaching core concepts. One of these is Amdahl's Law and the subsequent Gustafson-Barsis Law. The following is an attempt to explain these concepts in an accessible and allegorical manner which educators and trainers may find useful.