RE: Matt's Scripts
Finding out where perl is

<parody> Stop, stop, this script archive is not ready yet! Where are the Hello world examples? Where are the detailed instructions? And why are you actually working on these scripts yet! </parody>

You're all getting ahead of yourselves. We need to write a set of helloWorld scripts that the script user can upload first to find out the basic facts about their server and check everything is working.

a) You have multiple copies of the script with different shebang lines on the top. Only one of these will work and one of the things it'll do is print out "The first line of programs you upload to this server should be #!/blah/perl"

b) It checks your perl version is reasonable. Actually it probably should do this before a) in case there are several versions installed.

c) It tests if you've got a borken version of CGI.pm (or CGI.pm at all) by looking at version numbers, etc. Same for other modules.

d) It links to an image in the same directory as itself and explains that if the image isn't viewable then you do not have inplace cgi and the things you have to know about this

e) It prints out the time, and GMT time, thus highlighting to the user any problems they might have if this is wrong

f) It prints out a hunk of diagnostic information (e.g. perl version, module versions, url, etc, etc)

Later.

Mark.

--
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
Name => 'Mark Fowler',Title => 'Technology Developer' ,
Firm => 'Profero Ltd',Web => 'http://www.profero.com/' ,
Email => '[EMAIL PROTECTED]', Phone => '+44 (0) 20 7700 9960' )
RE: Matt's Scripts
At Wed, 14 Mar 2001 10:19:42 + (GMT), Mark Fowler [EMAIL PROTECTED] wrote:
> Finding out where perl is
>
> <parody> Stop, stop, this script archive is not ready yet! Where are the Hello world examples? Where are the detailed instructions? And why are you actually working on these scripts yet! </parody>
>
> You're all getting ahead of yourselves. We need to write a set of helloWorld scripts that the script user can upload first to find out the basic facts about their server and check everything is working.
>
> a) You have multiple copies of the script with different shebang lines on the top. Only one of these will work and one of the things it'll do is print out "The first line of programs you upload to this server should be #!/blah/perl"
>
> b) It checks your perl version is reasonable. Actually it probably should do this before a) in case there are several versions installed.
>
> c) It tests if you've got a borken version of CGI.pm (or CGI.pm at all) by looking at version numbers, etc. Same for other modules.
>
> d) It links to an image in the same directory as itself and explains that if the image isn't viewable then you do not have inplace cgi and the things you have to know about this
>
> e) It prints out the time, and GMT time, thus highlighting to the user any problems they might have if this is wrong
>
> f) It prints out a hunk of diagnostic information (e.g. perl version, module versions, url, etc, etc)

My ms-env script does a lot of this.

http://www.mag-sol.com/Scripts/ms-env-2.0.tar.gz

Mind you, it _does_ rely on CGI.pm being available.

Dave...
RE: Matt's Scripts
On Wed, 14 Mar 2001, Mark Fowler wrote: Finding out where perl is parody Stop, stop, this script archive is not ready yet! Where are the Hello world examples? Where are the detailed instructions? And why are you actually working on these scripts yet! /parody *giggle* L. delete smutty comment
Re: Matt's Scripts
Mark Fowler [EMAIL PROTECTED] writes:
> Finding out where perl is
>
> <parody> Stop, stop, this script archive is not ready yet! Where are the Hello world examples? Where are the detailed instructions? And why are you actually working on these scripts yet! </parody>
>
> You're all getting ahead of yourselves. We need to write a set of helloWorld scripts that the script user can upload first to find out the basic facts about their server and check everything is working.
>
> a) You have multiple copies of the script with different shebang lines on the top. Only one of these will work and one of the things it'll do is print out "The first line of programs you upload to this server should be #!/blah/perl"
>
> b) It checks your perl version is reasonable. Actually it probably should do this before a) in case there are several versions installed.
>
> c) It tests if you've got a borken version of CGI.pm (or CGI.pm at all) by looking at version numbers, etc. Same for other modules.
>
> d) It links to an image in the same directory as itself and explains that if the image isn't viewable then you do not have inplace cgi and the things you have to know about this
>
> e) It prints out the time, and GMT time, thus highlighting to the user any problems they might have if this is wrong
>
> f) It prints out a hunk of diagnostic information (e.g. perl version, module versions, url, etc, etc)

Ooh, 'configure.cgi'. If only we could assume that they had a working perl on the box that they were installing from then we could write a cunning installer script which uploaded configure.cgi to the ISP and interrogated it via a LWP::... client to get a bunch of configuration stuff, which could then be used to generate a list of scripts that could run on the user's ISP, and which could then go on and upload the scripts.

Ooh... You don't even have to assume working perl on their box. You stick the interrogation stuff on the 'Not Matt's scripts' website. The punter then says "I want to run these scripts on such an ISP". NMS then checks to see if it has information about that ISP cached, and provides the appropriate scripts if so, or a copy of configure.cgi for the punter to upload. Once the punter has done the upload, he sets off an interrogation phase, which works out the capabilities of the particular user's environment and builds an appropriate script set.

Hmm... it's just a simple matter of programming...

--
Piers
Re: Matt's Scripts
At 10:54 14/03/01 +, you wrote: Mark Fowler [EMAIL PROTECTED] writes: Finding out where perl is Ooh, 'configure.cgi'. If only we could assume that they had a working perl on the box that they were installing from then we could write a cunning installer script which uploaded configure.cgi to the ISP and interrogated it via a LWP::... client to get a bunch of configuration stuff, which could then be used to generate a list of scripts that could run on the user's ISP, and which could then go on and upload the scripts. Could we not produce something like configure.bat which is a hybrid shell script/batch file that starts the configuration process by finding perl and then launches perl to find out installed libraries. Obviously it would produce lots of 'Command not found' messages etc but it could quickly find perl (or not) and then move into a cleaner environment. Matt Ooh... You don't even have to assume working perl on their box. You stick the interrogation stuff on the 'Not Matt's scripts' website. The punter then says "I want to run these scripts on such an ISP". NMS then checks to see if it has information about that ISP cached, and provides the appropriate scripts if so, or a copy of configure.cgi for the punter to upload. Once the punter has done the upload, he sets off an interrogation phase, which works out the capabilities of the particular user's environment and builds an appropriate script set. Hmm... it's just a simple matter of programming... -- Piers
Re: Matt's Scripts
> (What do you mean with "not-inplace cgi"?)

Some servers (like my own) are configured to allow you to run perl scripts anywhere.

Some servers (especially in the paranoid ISP land) are configured to have a /cgi-bin/ where you have to put files in that will be 'executed'. Typically you cannot read from these dirs with a web server (you can only execute the program and read their output.) This is so that if you have passwords in your scripts it's very hard for the bad guys to read these files and get the script via the webserver no matter what mistakes you make (e.g. if you accidentally leave backup files around.) The main drawback of this is that you can't serve normal files (like images) from the same directory.

I call the first 'in place cgi' and the latter 'cgi-bin'

Hope that's clear.

Later.

Mark.

--
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
Name => 'Mark Fowler',Title => 'Technology Developer' ,
Firm => 'Profero Ltd',Web => 'http://www.profero.com/' ,
Email => '[EMAIL PROTECTED]', Phone => '+44 (0) 20 7700 9960' )
Re: Matt's Scripts
At Wed, 14 Mar 2001 11:28:19 + (GMT), Mark Fowler [EMAIL PROTECTED] wrote:
> > (What do you mean with "not-inplace cgi"?)
>
> Some servers (like my own) are configured to allow you to run perl scripts anywhere.

We _like_ servers configured like this. Especially if they've got some kind of file upload facility installed. We can run any code we like on them :)

> Some servers (especially in the paranoid ISP land) are configured to have a /cgi-bin/ where you have to put files in that will be 'executed'. Typically you cannot read from these dirs with a web server (you can only execute the program and read their output.) This is so that if you have passwords in your scripts it's very hard for the bad guys to read these files and get the script via the webserver no matter what mistakes you make (e.g. if you accidentally leave backup files around.) The main drawback of this is that you can't serve normal files (like images) from the same directory.

These servers, OTOH, are far less fun. Typically the web user has no write access to the cgi-bin directory so you can't upload your own scripts there using HTTP.

> I call the first 'in place cgi' and the latter 'cgi-bin'

I call the first 'a security nightmare' and the latter 'much safer'.

> Hope that's clear.

Very much :)

Dave...
Re: Matt's Scripts
On Wed, 14 Mar 2001, you wrote:
> > (What do you mean with "not-inplace cgi"?)
>
> Some servers (like my own) are configured to allow you to run perl scripts anywhere.
>
> Some servers (especially in the paranoid ISP land) are configured to have a /cgi-bin/ where you have to put files in that will be 'executed'. Typically you cannot read from these dirs with a web server (you can only execute the program and read their output.) This is so that if you have passwords in your scripts it's very hard for the bad guys to read these files and get the script via the webserver no matter what mistakes you make (e.g. if you accidentally leave backup files around.) The main drawback of this is that you can't serve normal files (like images) from the same directory.

or if for some reason the ISP edits the httpd.conf and removes execution from .pl file types // voila! .. your scripts are exposed to the world .. it's not such a big deal on paranoid ISP sites as they are usually only luser scripts doing something tedious .. the consequences on a commercial site could be very real indeed ...

I always have my cgi-bin directory outside my document root .. makes sense to me.

--
Robin Szemeti
The box said "requires windows 95 or better"
So I installed Linux!
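A server-side check for the two exposure cases raised in the messages above (backup copies left beside in-place CGI scripts, and script source that would be served as text if the handler mapping were removed), as an added example that is not from any poster. The extension lists, function names and the sample directory layout are assumptions constructed for illustration.

```python
"""Audit a document root for script source the web server could serve as text."""
import os
import tempfile

# Assumption: extensions the server is configured to execute in place.
CGI_EXTENSIONS = {".pl", ".cgi"}
# Assumption: suffixes that editors and manual copies commonly leave behind.
BACKUP_SUFFIXES = ("~", ".bak", ".orig", ".old", ".swp", ".save")


def classify(name, cgi_extensions=CGI_EXTENSIONS):
    """Return 'backup', 'script' or None for a single file name.

    'backup': a copy of a script whose name no longer ends in an executed
              extension, so the server hands out its source today.
    'script': executed today, but its source becomes readable if the
              handler for that extension is ever removed from the config.
    """
    lower = name.lower()
    for suffix in BACKUP_SUFFIXES:
        if lower.endswith(suffix):
            stem = lower[: -len(suffix)]
            if os.path.splitext(stem)[1] in cgi_extensions:
                return "backup"
    if os.path.splitext(lower)[1] in cgi_extensions:
        return "script"
    return None


def audit(docroot, cgi_extensions=CGI_EXTENSIONS):
    """Walk docroot and return a list of (relative_path, kind) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            kind = classify(name, cgi_extensions)
            if kind is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            findings.append((rel.replace(os.sep, "/"), kind))
    return findings


def build_sample_site(base):
    """Create a constructed sample layout under base and return its docroot.

    htdocs/ is the document root with in-place CGI; cgi-bin/ sits beside it,
    outside the document root, as described in the thread.
    """
    script = "#!/usr/bin/perl\nmy $db_pass = 'constructed-example';\n"
    layout = {
        "htdocs/index.html": "<html></html>\n",
        "htdocs/guestbook.pl": script,
        "htdocs/guestbook.pl~": script,
        "htdocs/admin/counter.cgi.bak": script,
        "htdocs/notes.bak": "not a script backup\n",
        "cgi-bin/formmail.pl": script,
        "cgi-bin/formmail.pl~": script,
    }
    for rel, body in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)
    return os.path.join(base, "htdocs")


def demo():
    """Audit the constructed sample site and return the findings."""
    with tempfile.TemporaryDirectory() as base:
        return audit(build_sample_site(base))


if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:6}  {rel}")
```

Nothing under the sample cgi-bin/ is reported, backup copy included, because that directory is not reachable as a static path from the document root.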
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 11:50:04AM +, Jon Eyre wrote:
> In my experience, virtually *all* isps/hosting providers use the 'separate cgi-bin directory' configuration. either for the security reasons outlined by evil dave ...

Eh-hem. Evil Dave's server does *not* use separate cgi-bin directories - but then, there's no ftp file upload, and the ftp root is in a different place from the web root anyway, and HTTP file upload is also not permitted.

--
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/
This is a signature. There are many like it but this one is mine.
** I read encrypted mail first, so encrypt if your message is important **
PGP signature
Re: Mailing list details
At Wed, 14 Mar 2001 12:52:33 -, "Robert Shiels" [EMAIL PROTECTED] wrote: I was looking for the mailing list subscription details on our london.pm.org website, and thought they were a bit hidden down on the "what we've done" page. I think they should probably be more prominent, probably on the home page. Or are we trying to maintain our exclusivity :-) Exclusivity! Take a good look round next time you're at a meeting and tell me how exclusive you think we are :) But, yes, I have _lots_ of ideas for a revamp of the web site. I might even have time to do it some time this year. Dave...
Re: Mailing list details
Dave Cross [[EMAIL PROTECTED]] quoth: * *Exclusivity! Take a good look round next time you're at a meeting and *tell me how exclusive you think we are :) * *But, yes, I have _lots_ of ideas for a revamp of the web site. I might *even have time to do it some time this year. There is also a mongers category on the lists.cpan.org page should you care to list it. e.
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 12:46:45PM +, Jon Eyre wrote: oops... Heh. Just remember, Evil Dave is the paranoid nutcase, Dave Cross is the one with the gold-plated cat. At Wed, 14 Mar 2001 13:05:05 +, David Cantrell [EMAIL PROTECTED] wrote: Evil Dave's server does *not* use separate cgi-bin directories - but then, there's no ftp file upload, and the ftp root is in a different place from the web root anyway, and HTTP file upload is also not permitted. Evil Dave's server is therefore a different beast to a hosting company's server, which isn't really much use if their customers can't get anything on to it. My several users use scp. All of them can put anything they want on there. If you're doing hosting and letting people upload code, you have no choice but to trust your users. *BUT* by avoiding grotesqities like ftp, and by setting permissions sanely, third-parties are hard-pressed to compromise the server. -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important ** PGP signature
Re: Matt's Scripts
My several users use scp. is there an idiot-proof graphical front-end for scp? windows clients? my several users require them, or they'll just continue using ftp, because it's *easier*... People are lazy, and security measures which are a pain in the arse will fail to work because the users will bypass them (summarizing from Schneier's Secrets and Lies). All of them can put anything they want on there. If you're doing hosting and letting people upload code, you have no choice but to trust your users. *BUT* by avoiding grotesqities like ftp, and by setting permissions sanely, third-parties are hard-pressed to compromise the server. dealing with clients who can't remember or don't know usernames/passwords, and the subsequent calls to isp helpdesks: "Hello, I am from web agency X, we need ftp details for customer Y so we can upload their site." And they just give 'em out. No checks, no confirming with the customers, nothing. There's little hope of securing stuff if people can be socially engineered so easily.
Re: Matt's Scripts
At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre [EMAIL PROTECTED] wrote: My several users use scp. is there an idiot-proof graphical front-end for scp? windows clients? my several users require them, or they'll just continue using ftp, because it's *easier*... They won't if you stop running the ftp daemon on the server :) On Windows I use pscp which comes from the same people as putty. It works well, but it doesn't have a pretty graphical front-end. Dave...
Re: Matt's Scripts
On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed: is there an idiot-proof graphical front-end for scp? windows clients? PuTTY. my several users require them, or they'll just continue using ftp, because it's *easier*... People are lazy, and security measures which are a pain in the arse will fail to work because the users will bypass them (summarizing from Schneier's Secrets and Lies). Then you disable ftp and smb. (And telnet, of course.) "Sorry, we can't use these because of the ban on plain-text passwords." Roger
Re: Matt's Scripts
is there an idiot-proof graphical front-end for scp? windows? On Windows I use pscp which comes from the same people as putty. It works well, but it doesn't have a pretty graphical front-end. Yes there is. http://www.i-tree.org/ixplorer.htm. I suggest you peeps read http://www.openssh.org/windows.html which lists alternatives -- print "\n",map{my$a="\n"if(length$_6);' 'x(36-length($_)/2)."$_\n$a"} ( Name = 'Mark Fowler',Title = 'Technology Developer' , Firm = 'Profero Ltd',Web = 'http://www.profero.com/' , Email = '[EMAIL PROTECTED]', Phone = '+44 (0) 20 7700 9960' )
Re: Matt's Scripts
* Dave Cross ([EMAIL PROTECTED]) wrote: At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre [EMAIL PROTECTED] wrote: My several users use scp. is there an idiot-proof graphical front-end for scp? windows clients? my several users require them, or they'll just continue using ftp, because it's *easier*... They won't if you stop running the ftp daemon on the server :) Rule one of security: Ensure availability for authorised users this breaks it ;-) -- Greg McCarroll http://www.mccarroll.uklinux.net
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 02:55:28PM +, Michael Stevens wrote: On Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre wrote: My several users use scp. is there an idiot-proof graphical front-end for scp? windows clients? my several users require them, or they'll just continue using ftp, because it's *easier*... People are lazy, and security measures which are a pain in the arse will fail to work because the users will bypass them (summarizing from Schneier's Secrets and Lies). I've been thinking that, while not ideal, webDAV is probably the best option here. I'm told it's a) secure-ish, and b) integrates nicely with Dreamweaver and whatever microsoft's thing is. WebDAV is ok, but you'd need to run it over HTTPS to be secure. -Dom
Re: Matt's Scripts
On Wed, 14 Mar 2001, Greg McCarroll wrote: * Dave Cross ([EMAIL PROTECTED]) wrote: At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre [EMAIL PROTECTED] wrote: My several users use scp. is there an idiot-proof graphical front-end for scp? windows clients? my several users require them, or they'll just continue using ftp, because it's *easier*... They won't if you stop running the ftp daemon on the server :) Rule one of security: Ensure availability for authorised users this breaks it ;-) Do what we do. Keep everything running, but shove a whopping great ipchains (or firewall of choice) in the way. If you want to access it, ssh tunnel it first. -- print "\n",map{my$a="\n"if(length$_6);' 'x(36-length($_)/2)."$_\n$a"} ( Name = 'Mark Fowler',Title = 'Technology Developer' , Firm = 'Profero Ltd',Web = 'http://www.profero.com/' , Email = '[EMAIL PROTECTED]', Phone = '+44 (0) 20 7700 9960' )
Re: Matt's Scripts
On or about Wed, Mar 14, 2001 at 04:00:22PM +, Greg McCarroll typed: * Dave Cross ([EMAIL PROTECTED]) wrote: They won't if you stop running the ftp daemon on the server :) Rule one of security: Ensure availability for authorised users Rule zero of security: A system with no users is a system with no unauthorised users. For extra points, turn it off. Roger
Re: Matt's Scripts (SCP)
On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote:
> On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:
> > is there an idiot-proof graphical front-end for scp? windows clients?
>
> PuTTY.

SCP for Windoz = http://winscp.vse.cz/eng/
SCP for Linux = well, command line scp or whatever else there is.
SCP for OSX = http://www.macorchard.com/ftp.html download Rbrowser
SCP for Mac = http://www.macorchard.com/ftp.html download NiftyTelnet (the open option has an SCP radio button)

The Mac one is NASTY! - the OSX and Windoz ones are just like standard FTP clients (your computer on the left, remote server on the right).

If anyone hears of a good gui SCP client for non-OSX Macs I'd really like to know (I've got users on my machine that need it!).

Cheers

Leo
Re: Matt's Scripts
On Wed, 14 Mar 2001, Dominic Mitchell wrote: On Wed, Mar 14, 2001 at 02:55:28PM +, Michael Stevens wrote: I've been thinking that, while not ideal, webDAV is probably the best option here. I'm told it's a) secure-ish, and b) integrates nicely with Dreamweaver and whatever microsoft's thing is. WebDAV is ok, but you'd need to run it over HTTPS to be secure. The other thing is that *WHEN* subversion comes out, the protocol allows for version control, and there'll actually be a decent way of implementing version control, so if the people who are doing the uploading screw up, you have some chance of rolling back. DAV over HTTPS is not that bad, though... MBM -- Matthew Byng-Maddick Home: [EMAIL PROTECTED] +44 20 8980 5714 (Home) http://colondot.net/ Work: [EMAIL PROTECTED] +44 7956 613942 (Mobile) I don't know who my grandfather was; I am much more concerned to know what his grandson will be. -- Abraham Lincoln
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote:
> On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:
> > is there an idiot-proof graphical front-end for scp? windows clients?
>
> PuTTY.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

In case anybody hasn't seen it, it's a very useful win32 ssh program with a terminal emulator. It even comes with an ssh-agent, which is pretty damned useful.

Regarding scp, putty comes with pscp, a command line tool for uploading files. The next version also has a beginning implementation of an sftp client and the latest version of OpenSSH also comes with an sftp server, which you could use. It's still all command line though (and it's not released yet).

There is a GUI front-end for pscp, available from http://www.i-tree.org/, apparently, although I haven't tried it.

I don't know, but you may be able to download an eval version of some nicer copying tools courtesy of one of the professional ssh outfits.

-Dom
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 03:08:03PM +, Struan Donald wrote:
> and people are worrying about plain scp confusing people? ssh tunneling is one of those things that appears close enough to magic that people assume it is. damn useful magic though. plus it always seems such a pain on windows

It is. And a word of warning in case anybody tries it: Don't tunnel ftp over ssh. It doesn't work properly. Only 1 tunnel goes over the secure connection. Admittedly, it keeps the password out of the way, but it also leads to a false sense of security about your data being encrypted.

-Dom (had to whinge to a Linux Journal author about this one)
Re: Matt's Scripts (SCP)
At 03:00 PM 14.3.2001 +, Leo Lapworth wrote: If anyone hears of a good gui SCP client for non-OSX mac's I'd really like to know (I've got users on my machine that need it!). Can Fetch do it? At a glance, I don't see anything about SCP there, but then I've only done a cursory check; it may be in there somewhere. -- Chris Devers [EMAIL PROTECTED]
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote: WebDAV is ok, but you'd need to run it over HTTPS to be secure. WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important ** PGP signature
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 03:13:46PM -, Jonathan Peterson wrote: There is a GUI front-end for pscp, available from http://www.i-tree.org/, apparently, although I haven't tried it. This is kind of flakey, and has trouble with stuff like files owned by a user or group with more than 8 characters in its name. This is because it determines filenames by doing ls and then counting a fixed number of columns in from the left. :-( Well, if you've got Delphi handy, you can go in and fix it... -Dom
Re: Matt's Scripts (SCP)
* Neil Ford ([EMAIL PROTECTED]) wrote: On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote: On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed: is there an idiot-proof graphical front-end for scp? windows clients? PuTTY. SCP for Windoz = http://winscp.vse.cz/eng/ SCP for Linux = well, command line scp or whatever else there is. SCP for OSX = http://www.macorchard.com/ftp.html download Rbrowser Also see Linux above, seeing as OS X comes with OpenSSH. (10 days and counting :-) ) OS X shall be a truly wonderful thing, of course the fact that it is even possible is down to the BSD license IIRC, discuss ... ;-) -- Greg McCarroll http://www.mccarroll.uklinux.net
Re: Matt's Scripts
* at 14/03 14:59 + Mark Fowler said: Do what we do. Keep everything running, but shove a whopping great ipchains (or firewall of choice) in the way. If you want to access it, ssh tunnel it first. Would not ipsec be a better solution? It's transparent to the users, and more reliable than ssh tunnels which tend to drop if not used. -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important ** PGP signature
Re: Matt's Scripts
On Wed, 14 Mar 2001, Dave Cross wrote: At Wed, 14 Mar 2001 16:10:02 +, David Cantrell [EMAIL PROTECTED] wrote: On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote: WebDAV is ok, but you'd need to run it over HTTPS to be secure. WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. An admirable point of view in my opinion. Why would anyone possibly want to run an ISP and have to deal with all the clueless people? Well, quite. Of course, if their computer hasn't got a queueing mail system, then I don't want that either :) MBM -- Matthew Byng-Maddick Home: [EMAIL PROTECTED] +44 20 8980 5714 (Home) http://colondot.net/ Work: [EMAIL PROTECTED] +44 7956 613942 (Mobile) I don't know who my grandfather was; I am much more concerned to know what his grandson will be. -- Abraham Lincoln
RE: Matt's Scripts
> which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS.

Scp is not hard. Users should be able to use scp. However, the real point is that scp sucks. scp is to a sensible way of transferring files what command.com is to a good shell.

scp is stateless. scp makes you enter your password, again, all the time. scp doesn't let you browse the remote machine (hell, even ftp manages that). scp doesn't do ASCII conversion between differing architectures. scp doesn't even let you upload two files from different directories in a single operation, where operation is defined in human rather than computer terms.

sftp is obviously better in every respect than scp, and the only reason for inflicting scp on a user is to convince them to spend the cash on f-secure's sftp client for win|mac|whatever.

However, a million times better than any of these is to use SMB (just not with plain text pwords). And if the client really needs to constantly upload and download files in an encrypted state, setting up a VPN is the way to go, and then they can use whatever they want, presumably SMB or NFS if the pipe is at all reliable.
Re: Matt's Scripts
Yes there is. http://www.i-tree.org/ixplorer.htm. I've since installed WinSCP, from the list of alternatives on OpenSSH This is also based on PuTTY and isn't so, well, dodgy as iXplorer. Forget I ever mentioned it. Seems to work well for me. The interface is clunky (i.e. you have to press F5 to copy rather than drag and drop) but is still something your average windows user would have no problems using. http://winscp.vse.cz/eng/ (we should have just googled for winscp in the first place) Later. Mark. -- print "\n",map{my$a="\n"if(length$_6);' 'x(36-length($_)/2)."$_\n$a"} ( Name = 'Mark Fowler',Title = 'Technology Developer' , Firm = 'Profero Ltd',Web = 'http://www.profero.com/' , Email = '[EMAIL PROTECTED]', Phone = '+44 (0) 20 7700 9960' )
Re: Matt's Scripts
On Wed, 14 Mar 2001, David Cantrell wrote: WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. Using WebDAV on a internal staging server and then updating the live server with something rsync-ish using scp might be a good usability/security compromise If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. alas, some of us don't get to choose our users... j
Re: Matt's Scripts
* Dave Cross ([EMAIL PROTECTED]) wrote: At Wed, 14 Mar 2001 16:10:02 +, David Cantrell [EMAIL PROTECTED] wrote: On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote: WebDAV is ok, but you'd need to run it over HTTPS to be secure. WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. An admirable point of view in my opinion. Why would anyone possibly want to run an ISP and have to deal with all the clueless people? Beats me. Mike J, you used to work for AOL, you should be more than qualified to answer this one ;-) -- Greg McCarroll http://www.mccarroll.uklinux.net
Scalar Context vs List Context
... and how much trouble you can get in for not knowing the difference: http://slashdot.org/article.pl?sid=01/03/13/208259 Dave...
Re: Matt's Scripts
* at 14/03 15:22 + Michael Stevens said: On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote: WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. Admittedly rather unscientific research has shown you're actually wrong - lots of users find it very hard. enough people find moving/copying files on windows complex... when you start introducing a second computer... struan
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 03:22:59PM +, Michael Stevens wrote: On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote: WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. Admittedly rather unscientific research has shown you're actually wrong - lots of users find it very hard. "In a recent survey, 9 out of 10 MS Windows users were found to have difficulties maximising and moving their windows. Macintosh users were not admitted to the tests because they had difficulties with the door handle at the lab where the tests were being conducted." -Dom
Re: Matt's Scripts
On Wed, 14 Mar 2001, Dominic Mitchell wrote: "In a recent survey, 9 out of 10 MS Windows users were found to have difficulties maximising and moving their windows. Macintosh users were not admitted to the tests because they had difficulties with the door handle at the lab where the tests were being conducted." ROTFL
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 03:50:14PM +, Struan Donald wrote: * at 14/03 15:22 + Michael Stevens said: On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote: WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. Admittedly rather unscientific research has shown you're actually wrong - lots of users find it very hard. enough people find moving/copying files on windows complex... I said "it's not hard", not "no-one finds it hard". Stupid people will always find simple things difficult. I recognise that there are stupid people, I just want nothing to do with them. If my sister - a computer-illiterate tree-hugger - can manage scp, then it's not hard. -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important ** PGP signature
Re: Matt's Scripts
Wednesday, March 14, 2001, 11:34:16 AM, grep wrote: GM * Dave Cross ([EMAIL PROTECTED]) wrote: An admirable point of view in my opinion. Why would anyone possibly want to run an ISP and have to deal with all the clueless people? GM Mike J, you used to work for AOL, you should be more than qualified GM to answer this one ;-) There are far more clueless people in the universe than clueful. As long as their money is green, or has pictures of the queen, their cc numbers pass mod 10, or other appropriate symbols, they're good customers. Also, back in the day, they didn't stay online as long as clueful people do. In fact, at one point 1/3rd of all AOL users logged on once a month or less, but still paid the $10/month. Those were the best customers. This is not as likely to happen these days though. Some people even *become* clueful. Believe it or not. -- mike
London.pm List Weekly Summary 2001-03-12
This is the eighth of hopefully many weekly summaries of the London Perl Mongers mailing list. For the somewhat hectic week (we hit more than a hundred messages a day again) starting 2001-03-12:
Don't forget the London.pm website for meetings etc. There isn't a technical meeting on Thursday due to too much recent Perl mongering. The next meeting is on Thursday 5th April, and it looks like Marcel Grunauer might attend: http://london.pm.org/
Leo Lapworth was trying to debug something with Devel::DProf and couldn't understand why BEGIN was called more than once. Robert Price and Mark Fowler pointed out that 'use Module LIST' is exactly equivalent to 'BEGIN { require Module; import Module LIST; }', so the module was being use-d in multiple places, which is fine: http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02667.html
Jonathan Peterson asked about simple RPC modules. Suggestions included: XML-RPC (Frontier::Client), SOAP::Lite, PlRPC, and even CORBA::ORBit:
DJ Adams posted another interesting article on Jabber, using a picture of him drinking a beer from the London.pm website. The thread then got silly: Dave Cross added the line "The use of the beer glass image in association with the Perl language is a trademark of the London Perl Mongers" to the bottom of the website, and David Adler argued the NY.pm should have had the honour. Marty Pauley, an impartial observer, disagreed (pizza for NY.pm instead). Some talk of actually trademarking this was made: http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02689.html http://www.openp2p.com/pub/a/p2p/2001/03/09/adams_1.html http://www.jabber.org/ http://london.pm.org/dj.jpg
Dean Wilson foolishly asked about bad Perl scripts. Cue huge thread to rewrite Matt Wright's Script Archive (a collection of notoriously bug/security-ridden scripts), including a recommendation by Randal to buy Matt Wright's book, bugs on the book's website, why projects to rewrite Matt's scripts always fail, Dave Cross organising said project, security issues, having to not use to cool modules, idiot-installability, "Have you ever tried herding cats?"... "Food and lots of stroking", why sendmail isn't a standard, Selena Sol having the same name as Darren Clarke's dad, inverse sponsoring Matt Wright, giggling, "it's just a simple matter of programming", and maybe some work on said project: http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02692.html http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02810.html http://www.worldwidemart.com/scripts/ http://www.mattwright.com/
Simon Wistow asked about autoconf, and Dean Wilson supplied a URL to the oh-so-useful Goat Book: http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02726.html http://sources.redhat.com/autobook/
David Cantrell spilled an IRC discussion about version control into the list, asking for better version control alternatives to CVS and RCS. Commercial: Perforce, ClearCase, free: Aegis (used at BlackStar), CVS ;-): http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02732.html http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02737.html http://www.perforce.com/ http://www.rational.com/products/clearcase/index.jsp http://www.pcug.org.au/~millerp/aegis/aegis.html http://www.cvshome.org/
Dave Cross pointed out that Damian Conway had written up the London.pm meeting. We 0wn3d him: http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02748.html http://www.yetanother.org/damian/diary_February_2001.html#day_31
And finally, Andrew Bowman kidded around with Greg McCarroll in a mail that I couldn't find in the archive so here it is for your amusement:
From: Andrew Bowman [EMAIL PROTECTED]
Subject: RE: heretics meeting
From: Greg McCarroll [SMTP:[EMAIL PROTECTED]]
i should be there from 4:30~5 ish, enjoying a relaxing pint and explaining why i have a limp
A limp what? Your message seems to have been truncated Greg ;-) Andrew.
Phew! Leon -- Leon Brocard. http://www.astray.com/ yapc::Europe http://yapc.org/Europe/ ... It is morally wrong to allow naive computer users to keep their money
Re: London.pm List Weekly Summary 2001-03-12
On Wed, Mar 14, 2001 at 06:02:04PM +, Leon Brocard wrote: a picture of him drinking a beer from the London.pm website. Misparse! Misparse! Misparse! -- We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department. (Russell Nelson, President of Crynwr Software)
Re: London.pm List Weekly Summary 2001-03-12
Leo Lapworth was trying to debug something with Devel::DProf and couldn't understand why BEGIN was called more than once. Robert Price and Mark Fowler pointed out that 'use Module LIST' is exactly equivalent to 'BEGIN { require Module; import Module LIST; }', so the module was being use-d in multiple places, which is fine: http://www.mail-archive.com/london-pm%40lists.dircon.co.uk/msg02667.html Did I? It's not you know. You forgot this bit of the perldoc -f use as well: If you don't want your namespace altered, explicitly supply an empty list: use Module (); That is exactly equivalent to BEGIN { require Module } i.e. that use Module and use Module() are ne. Later. Mark. -- print "\n",map{my$a="\n"if(length$_6);' 'x(36-length($_)/2)."$_\n$a"} ( Name = 'Mark Fowler',Title = 'Technology Developer' , Firm = 'Profero Ltd',Web = 'http://www.profero.com/' , Email = '[EMAIL PROTECTED]', Phone = '+44 (0) 20 7700 9960' )
Re: London.pm List Weekly Summary 2001-03-12
Content-type: matter-transport/beer-stream That's not right. MIMEs do type/format (e.g. image/gif.) So it'd more likely be: Content-type: beer/guinness Later. Mark. -- print "\n",map{my$a="\n"if(length$_6);' 'x(36-length($_)/2)."$_\n$a"} ( Name = 'Mark Fowler',Title = 'Technology Developer' , Firm = 'Profero Ltd',Web = 'http://www.profero.com/' , Email = '[EMAIL PROTECTED]', Phone = '+44 (0) 20 7700 9960' )
Re: Matt's Scripts
On Wed, 14 Mar 2001, you wrote: And they just give 'em out. No checks, no confirming with the customers, nothing. There's little hope of securing stuff if people can be socially engineered so easily. That's a matter of setting policy. If there's no policy in place to prevent that, then you can expect people to do it. If you have a security policy which states that you will fire people for such gross breaches - and more importantly, you *enforce* it - then it won't happen more than once or twice. ahh .. 'enforce' .. let's be clear here .. when you say 'fire' someone are we talking about simple termination of employment, something involving a large cannon or something involving a stake some rope and a quantity of firewood? .. i believe 1) is popular in the corporate world but BOFH's realise that no 3) is more likely to win respect of the front line troops. Anyway, how on earth can the helldesk grunts get at passwords? Not even the sysadmin should be able to tell you a user's password. They should *never* be stored in plain-text. If they are, fire the sysadmin. never a truer word ... of course if you _did_ want to discover a user's password it's not that hard .. there are ways ... I believe we have some world renowned experts on the topic at hand ... now where is 'merlin' when you need him :) -- Robin Szemeti The box said "requires windows 95 or better" So I installed Linux!
Re: Matt's Scripts
On Wed, 14 Mar 2001, you wrote: enough people find moving/copying files on windows complex... when you start introducing a second computer... hmmm I wouldn't place such creatures as far up the food chain as 'people' .. but I know what you mean. -- Robin Szemeti The box said "requires windows 95 or better" So I installed Linux!
Re: Matt's Scripts
On Wed, 14 Mar 2001, you wrote: Yes there is. http://www.i-tree.org/ixplorer.htm. I've since installed WinSCP, from the list of alternatives on OpenSSH This is also based on PuTTY and isn't so, well, dodgy as iXplorer. Forget I ever mentioned it. Terraterm and TTSSH are what I have on the laptop for those 'emergency' moments. -- Robin Szemeti The box said "requires windows 95 or better" So I installed Linux!
RE: Matt's Scripts
On Wed, 14 Mar 2001, you wrote: Scp is not hard. Users should be able to use scp. However, the real point is that scp sucks. scp is to a sensible way of transferring files what command.com is to a good shell. scp is stateless. scp makes you enter your password, again, all the time. err ... not if you use sshagent it doesn't which is lightyears ahead of putting plain text FTP password in your .netrc file innit scp doesn't let you browse the remote machine no .. but surely that's what ssh is for ? (hell, even ftp manages that). scp doesn't do ASCII conversion between differing architectures. scp doesn't even let you upload two files from different directories in a single operation, where operation is defined in human rather than computer terms. yes it does .. you can put multiple files in the source list using absolute paths sftp is obviously better in every respect than scp, and the only reason for inflicting scp on a user is to convince them to spend the cash on f-secure's sftp client for win|mac|whatever. I don't have a problem with scp .. but I can see it would annoy the drag and drop brigade ... it works for me and I script those batch transfers and site updates anyway .. I keep meaning to look at rsync over an ssh tunnel but never seem to find the time. However, a million times better than any of these is to use SMB (just not with plain text pwords). And if the client really needs to constantly upload and download files in an encrypted state, setting up a VPN is the way to go, and then they can use whatever they want, presumably SMB or NFS if the pipe is at all reliable. ugh .. SMB .. shiver ... -- Robin Szemeti The box said "requires windows 95 or better" So I installed Linux!
Re: Matt's Scripts
On Wed, 14 Mar 2001, you wrote: On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote: WebDAV is not OK, cos it means installing yet more stuff on the server which is simply not needed. If a user can't use scp, then I don't want that user. I mean, it's not hard FFS. Admittedly rather unscientific research has shown you're actually wrong - lots of users find it very hard. nope .. you are answering a different question .. . NO, it's not hard FFS. but YES, lots of users find it very hard this is not because it is actually hard, but because most users are painfully clueless, and he doesn't want em .. or indeed need em. the world is full of users (lusers ?) and you just can do without the painfully clueless ones .. there are many out there to choose from. Worse still the painfully clueless ones are the ones who will require the most idiotic handholding AND want to pay the least for the service ... there is a rather good ISP on Hawaii that plainly states 'the service is not suitable for clueless users' .. ring em up and ask too many docile questions and they pull your account .. -- Robin Szemeti The box said "requires windows 95 or better" So I installed Linux!
Re[2]: Matt's Scripts
Wednesday, March 14, 2001, 1:55:03 PM, Robin wrote: RS there is a rather good ISP on Hawaii that plainly states 'the service is RS not suitable for clueless users' .. ring em up and ask too many docile RS questions and they pull your account .. My gfriend in pharmacy school plans on having a similar policy. If you're too clueless to know the difference between various prescription drugs, their proper dosages and interactions, well, you're just too stupid to live. She'll be doing the world a great service by helping eliminate all those losers who couldn't make it through eight years of uni. And don't even get her started on child proof caps. -- mike
Re: London.pm List Weekly Summary 2001-03-12
On Wed, Mar 14, 2001 at 06:19:54PM +, Michael Stevens wrote: Content-type: matter-transport/beer-stream Isn't that what happens in the bogs of Penderels Oak? -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important **
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 06:28:03PM +, Robin Szemeti wrote: On Wed, 14 Mar 2001, you wrote: That's a matter of setting policy. If there's no policy in place to prevent that, then you can expect people to do it. If you have a security policy which states that you will fire people for such gross breaches - and more importantly, you *enforce* it - then it won't happen more than once or twice. ahh .. 'enforce' .. let's be clear here .. when you say 'fire' someone are we talking about simple termination of employment, something involving a large cannon or something involving a stake some rope and a quantity of firewood? .. i believe 1) is popular in the corporate world but BOFH's realise that no 3) is more likely to win respect of the front line troops. All three. One for the legal and bean-county folks (got to stop their pension contribs and salary you know - that frees up the budget for getting another underling^Wassistant); Two to tenderise them before cooking them with number three. To *really* make an example of them, you feed the results to the ex-cow-orkers. Anyway, how on earth can the helldesk grunts get at passwords? Not even the sysadmin should be able to tell you a user's password. They should *never* be stored in plain-text. If they are, fire the sysadmin. never a truer word ... of course if you _did_ want to discover a user's password it's not that hard .. there are ways ... I believe we have some world renowned experts on the topic at hand ... now where is 'merlin' when you need him :) If crack works in reasonable time, then you should fire the sysadmin. It is essential nowadays to use something like MD5 shadow passwords and not just plain ol' crypt. -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important **
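An added example, not part of any message in the thread: a small Python audit of shadow-format entries that reports accounts still on traditional crypt, with an empty field, or holding something that is not a recognised hash, following the points above about plain crypt and plain-text storage. The sample entries, the function names and the `flagged` parameter are constructed for illustration, and the classifier goes beyond the thread by also recognising newer modular-crypt prefixes.

```python
import re

# Constructed sample in /etc/shadow layout (user:hash:aging fields).
# Every hash string is a made-up placeholder, not a real credential.
SAMPLE_SHADOW = """\
root:$1$Cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:11395:0:99999:7:::
alice:abCDEFGHIJKLM:11395:0:99999:7:::
bob:!!:11395:0:99999:7:::
carol::11395:0:99999:7:::
dave:$6$Cnstrctd$BBBBBBBBBBBBBBBB:11395:0:99999:7:::
eve:_J9..CnstAAAAAAAAAAA:11395:0:99999:7:::
mallory:hunter2:11395:0:99999:7:::
"""

B64 = r"[./0-9A-Za-z]"
DES_RE = re.compile(rf"{B64}{{13}}")      # 2-char salt + 11-char hash
BSDI_RE = re.compile(rf"_{B64}{{19}}")    # '_' + rounds + salt + hash
MODULAR_RE = re.compile(r"\$([0-9a-z]+)\$")
MODULAR = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}

# What the thread (2001) objects to: plain crypt, plus fields that are
# empty or not a hash at all. Add "md5-crypt" for a present-day policy.
FLAGGED_2001 = frozenset({"des-crypt", "bsdi-des-crypt", "empty", "unrecognised"})


def classify(field):
    """Name the storage scheme of one shadow password field by its shape."""
    if field == "":
        return "empty"                      # no password required
    if field[0] in "!*":
        return "locked"                     # login disabled
    if DES_RE.fullmatch(field):
        return "des-crypt"                  # "plain ol' crypt"
    if BSDI_RE.fullmatch(field):
        return "bsdi-des-crypt"
    m = MODULAR_RE.match(field)
    if m:
        return MODULAR.get(m.group(1), "unknown-modular")
    return "unrecognised"                   # possibly plain text or corrupt


def audit(shadow_text, flagged=FLAGGED_2001):
    """Return (user, scheme) for every entry whose scheme is in `flagged`."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue                        # skip blanks, comments, junk
        scheme = classify(parts[1])
        if scheme in flagged:
            findings.append((parts[0], scheme))
    return findings


if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}")
```

Classification is by shape only, so a 13-character plain-text value drawn from the crypt alphabet would be reported as `des-crypt`; either way the entry is flagged.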
Re: Matt's Scripts
On Wed, Mar 14, 2001 at 06:44:55PM +, Robin Szemeti wrote: I don't have a problem with scp .. but I can see it would annoy the drag and drop brigade ... it works for me and I script those batch transfers and site updates anyway .. I keep meaning to look at rsync over an ssh tunnel but never seem to find the time. It is indeed lovely. Although you don't need to do tunnelling magic: rsync -options -e ssh source-list me@myserver:/destination -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ This is a signature. There are many like it but this one is mine. ** I read encrypted mail first, so encrypt if your message is important **
Re: Re[2]: Matt's Scripts
* Mike Jarvis ([EMAIL PROTECTED]) wrote: And don't even get her started on child proof caps. yeah, tell me about it - those things are impossible to get open! -- Greg McCarroll http://www.mccarroll.uklinux.net
Re: London.pm List Weekly Summary 2001-03-12
On Wed, Mar 14, 2001 at 09:39:12PM +, Greg McCarroll wrote: * David Cantrell ([EMAIL PROTECTED]) wrote: On Wed, Mar 14, 2001 at 06:19:54PM +, Michael Stevens wrote: Content-type: matter-transport/beer-stream Isn't that what happens in the bogs of Penderels Oak? Is it just me who has noticed the similarities between the bogs of Penderels Oak and the TARDIS? Yes. Definitely. Just you. None of the rest of us has noticed anything odd at all. (phew) Roger
Re: London.pm List Weekly Summary 2001-03-12
On Wed, Mar 14, 2001 at 06:19:54PM +, Michael Stevens wrote: On Wed, Mar 14, 2001 at 06:18:09PM +, Simon Cozens wrote: On Wed, Mar 14, 2001 at 06:02:04PM +, Leon Brocard wrote: a picture of him drinking a beer from the London.pm website. Misparse! Misparse! Misparse! Content-type: matter-transport/beer-stream For the unenlightened, please consult the standards document: http://www.cis.ohio-state.edu/htbin/rfc/rfc1437.html Note that the example given has unfortunately been replicated too many times already. -Dom
Re: Matt's Scripts
Robin Szemeti wrote: of course if you _did_ want to discover a user's password it's not that hard .. there are ways ... I believe we have some world renowned experts on the topic at hand ... now where is 'merlin' when you need him :) ITYM 'merlyn' (or 'q[merlyn]'). HTH. HAND. Cheers, Philip -- Philip Newton [EMAIL PROTECTED] All opinions are my own, not my employer's. If you're not part of the solution, you're part of the precipitate.