On Tuesday 20 March 2007 02:07, Alan DuBoff wrote:
On Monday 19 March 2007 07:37 pm, Stefan Teleman wrote:
http://www.php-security.org/
This is scary...I think I'll go get a cold shower...;-)
I have to wonder, much of the online forum software is written in
PHP, and as such seems to be
Hi folks,
Thanks for all the feedback on this. I have to confess, the more complex
replies are a little above my understanding, so in the interests of concluding
this thread clearly - what is the verdict?
I think we've had 3 responses agreeing that it's probably a good thing, if for
no other
I'm happy to submit this to b.o.o (I still giggle at
that acronym!), if it's of value to everyone.
I know that it would help me out, but I'm big enough
to realise that point doesn't really count for much
;)
If it would help you out, it might help others out, provided it's
done consistently
Note that POSIX requires that if opendir() is based on file descriptors
(doesn't necessarily have to be), the file descriptor would be closed
on exec. Perhaps someone needs to get clarification whether the intent
will be for the added dirfd() to also do that; if so, a simple implementation
would
On 18/03/07, W. Wayne Liauh [EMAIL PROTECTED] wrote:
There is a beta of Flash Player 9 for Solaris at
Adobe Labs
http://labs.adobe.com/technologies/flashplayer9/
I have been able to install flashplayer9 into Builds 55b/56 (I am waiting for
Build 62)) and 10u3. This is a very painless
Hi,
Perl and PHP are often targeted on the internet. It's sad and
unfortunate, but it's the reality of things. When I use to work for a
web hosting company, we'd constantly have to deal with crackers and
script kiddies hijacking customer websites. In many cases, poorly
written perl or php code
The reason for this question is we currently have our disk setup in a hardware
raid5 on a EMC device and these disks are configured as a zfs file system.
Would it benefit us to have the disk be setup as a raidz along with the
hardware raid 5 that is already setup too? Or with this double raid
The reason for this question is we currently have our
disk setup in a hardware raid5 on a EMC device and
these disks are configured as a zfs file system.
Would it benefit us to have the disk be setup as a
raidz along with the hardware raid 5 that is already
setup too? Or with this double
Seems to work great for me
Shawn Walker, Software and Systems Analyst
[EMAIL PROTECTED] -
http://binarycrusader.blogspot.com/
Same here, except I still couldn't watch the video on Fox News (Yeah, yeah, I
know I know, being a life-long you-know-what--GW I used to lick stamps
together
Hello UNIX,
Tuesday, March 20, 2007, 5:03:36 PM, you wrote:
The reason for this question is we currently have our
disk setup in a hardware raid5 on a EMC device and
these disks are configured as a zfs file system.
Would it benefit us to have the disk be setup as a
raidz along with the
Stefan Teleman wrote:
(snip...)
I believe we should also Purify PHP. The problem is that Purify
probably won't work on Nevada, but we could build PHP on a release of
S10 they support, and it will still catch buffer overflows, ABR/ABW,
UMR, stack corruption, double deletion, etc. We could
Hi,
I support the idea of adding reduced privs to this stack to help
customers reduce the security issues that these tools expose by nature.
It's these kind of value adds that will differentiate our web stack.
Another aspect would be management. It would be nice to a tool to
manage a data center
Matt Ingenthron wrote:
It may also be interesting to see what, if anything, can be done about
reducing privilege sets for this OpenSolaris Apache/PHP stack to at
least reduce the possibility of nefarious activities if (when?) there is
a vulnerability. My colleague Alec Muffet may be able to
Stefan Teleman wrote:
I believe we should also Purify PHP. The problem is that Purify
probably won't work on Nevada, but we could build PHP on a release of
S10 they support, and it will still catch buffer overflows, ABR/ABW,
UMR, stack corruption, double deletion, etc.
Sun Studio's dbx
On Tuesday 20 March 2007 06:16 am, Octave Orgeron wrote:
Perl and PHP are often targeted on the internet. It's sad and
unfortunate, but it's the reality of things. When I use to work for a
web hosting company, we'd constantly have to deal with crackers and
script kiddies hijacking customer
On Tuesday 20 March 2007 09:45 am, Matt Ingenthron wrote:
It may also be interesting to see what, if anything, can be done about
reducing privilege sets for this OpenSolaris Apache/PHP stack to at
least reduce the possibility of nefarious activities if (when?) there is
a vulnerability. My
The sfwnv-discuss list might be a better venue for this discussion. Some of
the people subscribed there might not be subscribed here.
Eric
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
Alan DuBoff wrote:
I'll watch to see what Alec might have to say, but in general this is going to
be one very high maintenance package, any way we look at it. We do need the
software, it just has a lot of strings attached from any perspective we look
at it, unless the software is just left
On 3/20/07, Alan DuBoff [EMAIL PROTECTED] wrote:
When you say, So I think we'll be upgrading and patching(once 11 comes out)
the web stack on a regular basis., so you mean the community will need to
keep upgrading the package(s)? I'm not sure who we'll refers to.
In this particular case we
alanc revealed:
Sun's deal for Flash was with Macromedia, before the
Adobe
merger, so I don't think it can be read as any sign
of change
from the Adobe side.
Ah, didn't realise that. I'm guessing a large wad of cash changed hands. Here's
me thinking they realised Solaris was *the*
That's too strong especially when talking about raidz
vs HW raid-5.
Depending on workload raidz can give you much worse
performance (or
better). Additionally current hot spare support in
ZFS is far from
perfect.
Probably the best thing to do in OP's case is to run some tests and get some
That's really good news.
The next big bang may be: Jörg Schilling is joining Debian.
Everything seems possible ;)
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
Alan,
I don't think you really care about .deb packages either, what I *think*
you're saying is give me a packaging system that works like apt does!, if I
understand you correctly. I'm in agreement with you, if that is what you
meant, and packaging is being looked at inside (Open)Solaris
On Tuesday 20 March 2007 02:59 pm, Nicolas Linkert wrote:
That's really good news.
The next big bang may be: Jörg Schilling is joining Debian.
Everything seems possible ;)
Ah, now it's all making sense...I did note he had some good things to say
about Debian in his OGB podcast, maybe Joerg
On Tue, 20 Mar 2007, David Lloyd wrote:
Indeed, apt-get for Solaris would be quite useful
:P
Blastwave.org is thataway -
Sad to say, but upgrading services (ldap, web, etc) running from Blastwave
packages caused us a bunch of grief. We went back to building our own.
Doing a
All - as discussed, we have enabled anonymous pull on the project, and
we're definitely open to community contributions to the project.
I put some ideas on the project home page under Development
Opportunities of things which would be useful, such as power
management, drivers, library and kernel
hello Ian
its very nice, to see u here, I am also new to solaris, now I am assured to get
a stable version of solaris, under your supervision.
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
Hi,
I have weird situation.
Sun server A can't mount windows server B share, but it can mount other Sun
server shares.
The thing is other servers can mount B's share very well, another word, server
A just can't mount any share from Windows server B. Only reboot can solve this
problem.
it
hello Ian
its very nice, to see u here, I am also new to
solaris, now I am assured to get a stable version of
solaris, under your supervision.
The arrival of a respected figure is one thing, but I think that (allowing
for the odd glitch nothing so complicated is ever totally free of),
Alan DuBoff wrote:
On Tuesday 20 March 2007 02:59 pm, Nicolas Linkert wrote:
That's really good news.
The next big bang may be: Jörg Schilling is joining Debian.
Everything seems possible ;)
Ah, now it's all making sense...I did note he had some good things to say
about Debian in his OGB
Now, y'all boys realize what this leads to. Simon
joining MSFT. Don't make me say it! Wait, I just said it... Owh.
-Artem.
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
OMG it totally makes sense now!
This
(Apologies for the delay.)
If the amateur masses with a small number of ineffecitvely
managed full time engineers can produce a product that
has been able to threaten a well engineered product such
as Solaris, how would you propose responding to that?
Hmm - what innovation? Actually delivering
32 matches
Mail list logo