I created a new plug-in / gem called acts_as_securely_transferable. It provides on-the-fly RSA encryption for secure transmission of forms/resources over non-secure connections.
See README for more details.
This is a very nice solution to encrypt password fields, credit card numbers etc. in a secure way without needing an expensive SSL certificate. Of course, the authenticity function is lost (i.e. the end user can’t verify who you are, but anybody can buy an SSL certificate too so it doesn’t make much difference). The important thing is the secure transmission of the secret details.
It makes use of this RSA implementation in JavaScript. Don’t store secret information in a CookieStore session (which is used in Rails by default now) - use, for instance, EncryptedCookieStore.
When I added the Google +1 button to one of my Web sites, I noticed that the button code given by Google is not valid HTML 5. There is an HTML 5 version, but when used with i18n (for instance, in German) the JavaScript code is:
<script type="text/javascript" src="https://apis.google.com/js/plusone.js">
{lang: 'de'}
</script>
Now this isn’t valid HTML 5 because the script tag can have either a source reference (src) or some inline script content, but not both.
So I began to search the Web and found solutions like this:
$(function(){
  $('#gplus').append('<g:plusone></g:plusone>');
});
Why doesn’t this make any sense?
Short answer: If you read a newspaper and don’t understand the text - would it be helpful to find instructions on how to write the doubtful text yourself?
Long answer: Let’s first ask why you want your code to be valid HTML. Probably to get the greatest possible compatibility with current and future browsers and to support the development of the Web. Who do you write the HTML code for?
User agents: Current and future user agents should be able to understand and render your code. In the actual case of the +1 button, user agents may either understand the code and render it or they simply ignore it. There is no need to “hide” the HTML code for them and then insert it by JavaScript because they have to interpret the code inserted by JavaScript nevertheless.
Robots: Normally, they don’t use JavaScript so they would be the target group for “hiding HTML by JS”. However, robots are designed to get as much information from the Web as possible and can parse most code that is somehow understandable. In case of correctly opened and closed tags, there is no reason why a robot shouldn’t understand a page that contains an unknown tag. Also, the most important robot is Google and I doubt that Google will reject your page because you embedded the Google +1 button. Furthermore, the actual problem is related to the
For yourself: Do you really feel better when an HTML validator tells you that your code is valid, but you know that it inserts invalid code by JavaScript?
Of course, I have a strong preference for really valid Web code - but moving invalid code from HTML to JavaScript doesn’t make any sense to me.
Where I can vote down (only for me! and maybe Google friends) all these crappy sites that are spamming the search results.
As there is no “free” like in Linux by default, I found this script which gives a good overview about the current RAM usage on FreeBSD systems.
The “freecolor” port doesn’t work for me because it’s only available for i386 systems.
Inspired by http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment
If you’re using associations, they can be set by mass-assignment by default. For instance:
class Property < ActiveRecord::Base
  has_many :rooms
end
class Room < ActiveRecord::Base
  belongs_to :property
end
Assuming this code for room creation:
@property = Property.find params[:id]
@room = @property.rooms.create params[:room]
This will work fine because even if params[:room] contains { :property_id => some_other_id }, the property of @room will be set to @property.
However, if you have an update with mass-assignment like this:
@property = Property.find params[:id]
@room = @property.rooms.find params[:room_id]
@room.update_attributes params[:room]
it is possible to change the belongs_to association by passing params[:room] => { :property_id => some_other_id }.
Of course, sometimes this is desired behaviour (think of a property user who can select which room they belong to). However, often this is a huge security hole.
The only solution I know is to use attr_accessible for all models. It’s also possible to force attr_accessible for all models by creating this initializer:
ActiveRecord::Base.send(:attr_accessible, nil)
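The update described above, reproduced as an added example that is not part of the original post. FakeModel is a hypothetical plain-Ruby stand-in for ActiveRecord (so it runs without Rails), and OpenRoom, GuardedRoom, SUBMITTED and move_attempt are names made up for the illustration; it shows the smuggled property_id moving the room when there is no allow-list and being dropped when attr_accessible names only the editable field.

```ruby
# Plain-Ruby stand-in for an ActiveRecord model (an assumption of this example,
# not Rails code). It mimics only what matters here: update_attributes copies
# every submitted key onto the record unless the class declares an allow-list.
class FakeModel
  class << self
    attr_reader :accessible            # nil means no allow-list at all

    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end
  end

  def initialize(attrs = {})
    @attributes = {}
    attrs.each { |key, value| @attributes[key.to_s] = value }
  end

  def [](name)
    @attributes[name.to_s]
  end

  # Assigns the permitted keys and returns the names of the ones it dropped.
  def update_attributes(params)
    allowed = self.class.accessible
    kept, dropped = params.partition { |key, _| allowed.nil? || allowed.include?(key.to_s) }
    kept.each { |key, value| @attributes[key.to_s] = value }
    dropped.map { |key, _| key.to_s }
  end
end

class OpenRoom < FakeModel; end        # no allow-list, as in the update above

class GuardedRoom < FakeModel
  attr_accessible :name                # property_id is deliberately left out
end

# Constructed form parameters: a normal rename plus a smuggled foreign key.
SUBMITTED = { 'name' => 'Attic', 'property_id' => 99 }.freeze

# Runs the update from the text against one model class and reports the result.
def move_attempt(room_class)
  room = room_class.new(:name => 'Loft', :property_id => 1)
  dropped = room.update_attributes(SUBMITTED)
  { :name => room[:name], :property_id => room[:property_id], :dropped => dropped }
end

[OpenRoom, GuardedRoom].each { |klass| puts "#{klass}: #{move_attempt(klass).inspect}" }
```

Returning the dropped keys is a choice made for this example so the rejected property_id can be logged or alerted on.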
Rails 3.0.6+
If you use auto_link to mark up links in your text, you can add the rel="nofollow" attribute like this:
auto_link(@text, :html => { :rel => 'nofollow' })
However, if you also want to use simple_format:
simple_format(@text)
you can’t combine this by default:
simple_format(auto_link(@text, :html => { :rel => 'nofollow' }))
because the rel="nofollow" attribute is then filtered out by the sanitization that simple_format performs. So you can either tell it not to sanitize, or add this to an initializer in config/initializers:
MyApp::Application.config.after_initialize do |config|
  ActionView::Base.sanitized_allowed_attributes = 'rel'
end
This should work too (but doesn’t always work for me):
MyApp::Application.config.action_view.sanitized_allowed_attributes = 'rel'
Then this should work:
simple_format(auto_link(@text, :html => { :rel => 'nofollow' }))
I have made a FreeBSD port for the TeamSpeak 3 server (audio/teamspeak3-server), for amd64 and i386 architectures.
To install the port:
cd /usr/ports/audio/teamspeak3-server
make
make install
or, if you have installed portupgrade:
portinstall teamspeak3-server
It adds a teamspeak system user automatically, installs TeamSpeak into the correct directories and adds an rc.d entry. To enable the service, add
teamspeak_enable="YES"
to your /etc/rc.d and it will be started when the system boots. Use
service teamspeak status
service teamspeak start
service teamspeak stop
to manage it at runtime.
If you have a license file (licensekey.dat), put it into /usr/local/etc/teamspeak. Logs (which contain the admin token after the first start) are stored in /var/log/teamspeak, the files in /var/db/teamspeak.
On the TeamSpeak download page, they say that one is not allowed to link to these files directly without their written permission so a port would not be allowed. However, I mailed them regarding the port and they told me that I can announce it in the forums so I think this is a permission.
After studying the manual, the service manual, various Internet sites, 3 calls to the Xerox hotline and a lot of help-requesting mails to Xerox partners (not a single one answered even when I offered money for a simple answer), I can now say that:
The Xerox Phaser 6110N network password (for the Web interface) cannot be reset. If you forget it, you can’t use the networking functionality anymore and you have downgraded it to a Phaser 6110.
The IP address can only be changed with a Windows tool - useless if you use Linux or Mac.
So: Don’t buy it.
- Me: Regarding the "Easy Energy Saver" function: Is it a hardware feature that is always available or do I need the Windows EES application/Windows drivers to run? I only use Ubuntu Linux on my system and I'm interested in maximum energy saving.
- Gigabyte: [...] It's hardware oriented designed but needed to be driven by software.
- There is no software for Linux.
- Officially we don't support any Linux distribution.
- Me (thinking): "There is no software for Linux", so energy saving is only available if you buy and use Microsoft(R) Windows(R) all the time. With any other operating system, you have to waste electrical power and harm the environment, we're sorry.