Re: Matt's Scripts Projects

[Dominic Mitchell]

On Thu, Mar 22, 2001 at 06:27:51PM +0100, Philip Newton wrote:
> Dominic Mitchell wrote:
> > On Thu, Mar 22, 2001 at 06:19:27PM +0100, Philip Newton wrote:
> > [unzip]
> >
> > > Which, according to its home page at
> > > http://www.info-zip.org/pub/infozip/UnZip.html , is "the 
> > > third most portable program in the world".
> > 
> > Probably after kermit and "hello world".  :-)
> 
> You read the web page, didn't you.

Nope, just guessing, based upon years of spending too much time staring
at source code.  *sigh*.  Must remember to get a life one of these
days...

-Dom

Re: Matt's Scripts Projects

[Philip Newton]

Dominic Mitchell wrote:
> On Thu, Mar 22, 2001 at 06:19:27PM +0100, Philip Newton wrote:
> [unzip]
>
> > Which, according to its home page at
> > http://www.info-zip.org/pub/infozip/UnZip.html , is "the 
> > third most portable program in the world".
> 
> Probably after kermit and "hello world".  :-)

You read the web page, didn't you.

Footnote: "* ``Hello, world'' would be the first, of course. C-Kermit is
probably second, sigh... "

Cheers,
Philip
-- 
Philip Newton <[EMAIL PROTECTED]>
All opinions are my own, not my employer's.
If you're not part of the solution, you're part of the precipitate.

Re: Matt's Scripts Projects

[Dominic Mitchell]

On Thu, Mar 22, 2001 at 06:19:27PM +0100, Philip Newton wrote:
> Robin Szemeti wrote:
> > On Tue, 20 Mar 2001, you wrote:
> > 
> > > BTW - I've just had some fun trying to uncompress a .zip 
> > > file on Linux!  tar gzip and gunzip don't seem to want to
> > > know. Guess that makes me a luser!
> > 
> > you need the  unzip(1)
> 
> Which, according to its home page at
> http://www.info-zip.org/pub/infozip/UnZip.html , is "the third most portable
> program in the world".

Probably after kermit and "hello world".  :-)

-Dom

Re: Matt's Scripts Projects

[Philip Newton]

Robin Szemeti wrote:
> On Tue, 20 Mar 2001, you wrote:
> 
> > BTW - I've just had some fun trying to uncompress a .zip 
> > file on Linux!  tar gzip and gunzip don't seem to want to
> > know. Guess that makes me a luser!
> 
> you need the  unzip(1)

Which, according to its home page at
http://www.info-zip.org/pub/infozip/UnZip.html , is "the third most portable
program in the world".

Cheers,
philip
-- 
Philip Newton <[EMAIL PROTECTED]>
All opinions are my own, not my employer's.
If you're not part of the solution, you're part of the precipitate.

Re: Matt's Scripts Projects

[Jonathan Stowe]

On Tue, 20 Mar 2001, David Cantrell wrote:

> On Tue, Mar 20, 2001 at 05:48:25PM +, Michael Stevens wrote:
> > On Tue, Mar 20, 2001 at 05:38:09PM +, David Cantrell wrote:
> > > Then they deserve to be hurt.  Really.  We can't possibly support
> > > dribbling idiots, and frankly, I have no wish to do so.  If someone is
> > > scared by a .tar.gz extension then they have no business installing
> > > software.  Even if just for their own use.
> > 
> > I thought one of the goals of this project was to support "dribbling
> > idiots"?
> 
> Idiots maybe, but not those who are sooo lacking in necessary skills that
> they are scared by gzipped tarballs.  Don't forget, these morons are
> going to have to know how to get the files to their server, do the
> appropriate chmodding, tweak config variables in the script - if you're
> clueless enough to be scared off by .tar.gz then you're guaranteed to
> fail anyway.
> 

So then they go and download the buggy, insecure, crap script from MSA and
when they fail they decide that Perl is crap 


/J\
-- 
Jonathan Stowe <[EMAIL PROTECTED]>
http://www.gellyfish.com

Re: Matt's Scripts Projects

[Robin Szemeti]

On Tue, 20 Mar 2001, you wrote:

> BTW - I've just had some fun trying to uncompress a .zip file on Linux!  tar
> gzip and gunzip don't seem to want to know. Guess that makes me a luser!

you need the  unzip(1)

NAMEunzip  -  list, test and extract compressed files in a ZI
 archive  

DESCRIPTIONunzip  will  list,  test,  or  extract  files  from  a ZIP
archive, commonly found on MS-DOS  systems.The  default   
behavior  (with no options) is to extract into the current   
directory (and subdirectories below it) all files from the   
specified ZIP archive.  A companion program, zip(1), creates
ZIP  archives;  both  programs  are  compatible  with archives
created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many
cases the program options or default behaviors differ.   

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts Projects

[Gareth Harper]

- Original Message -
From: "Robert Shiels" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 6:47 PM
Subject: Re: Matt's Scripts Projects


> .tar.gz - wtf is that, why isn't there a zip file.
>
> People keep misunderstanding this point: just because someone is using
> windows/mac doesn't make them a moron. They may well be, but I know quite
a
> few unix morons too. It is a different skillset.

True and also winzip makes the tar.gz file have a nice little zip icon, just
like a .zip file, so they won't actually know the difference.


Gareth

Re: Matt's Scripts Projects

[Robert Shiels]

> On Tue, 20 Mar 2001, David Cantrell wrote:
>
> > On Tue, Mar 20, 2001 at 05:48:25PM +, Michael Stevens wrote:
> > > On Tue, Mar 20, 2001 at 05:38:09PM +, David Cantrell wrote:
> > > > Then they deserve to be hurt.  Really.  We can't possibly support
> > > > dribbling idiots, and frankly, I have no wish to do so.  If someone
is
> > > > scared by a .tar.gz extension then they have no business installing
> > > > software.  Even if just for their own use.
> > >
> > > I thought one of the goals of this project was to support "dribbling
> > > idiots"?
> >
> > Idiots maybe, but not those who are sooo lacking in necessary skills
that
> > they are scared by gzipped tarballs.  Don't forget, these morons are
> > going to have to know how to get the files to their server, do the
> > appropriate chmodding, tweak config variables in the script - if you're
> > clueless enough to be scared off by .tar.gz then you're guaranteed to
> > fail anyway.

Seems to me you don't really understand windows very well :-)

ws-ftp/ ftp explorer - drag and drop files onto your server

chmod - who needs that, the directory is executable already, all files are
too.

tweak config files - notepad will allow the user to either add or remove a #
from the appropriate lines in the file - these will be marked.

.tar.gz - wtf is that, why isn't there a zip file.

People keep misunderstanding this point: just because someone is using
windows/mac doesn't make them a moron. They may well be, but I know quite a
few unix morons too. It is a different skillset.

If a Mac user is trying to set up some perl scripts on a windows machine, he
may well have had no exposure to .tar.gz files (hqx, sit, zip, pak, arc
maybe). Files should be available in the format that is most commonly used
for the OS.



/Robert

BTW - I've just had some fun trying to uncompress a .zip file on Linux!  tar
gzip and gunzip don't seem to want to know. Guess that makes me a luser!

Re: Matt's Scripts Projects

[Aaron Trevena]

On Tue, 20 Mar 2001, David Cantrell wrote:

> On Tue, Mar 20, 2001 at 05:48:25PM +, Michael Stevens wrote:
> > On Tue, Mar 20, 2001 at 05:38:09PM +, David Cantrell wrote:
> > > Then they deserve to be hurt.  Really.  We can't possibly support
> > > dribbling idiots, and frankly, I have no wish to do so.  If someone is
> > > scared by a .tar.gz extension then they have no business installing
> > > software.  Even if just for their own use.
> > 
> > I thought one of the goals of this project was to support "dribbling
> > idiots"?
> 
> Idiots maybe, but not those who are sooo lacking in necessary skills that
> they are scared by gzipped tarballs.  Don't forget, these morons are
> going to have to know how to get the files to their server, do the
> appropriate chmodding, tweak config variables in the script - if you're
> clueless enough to be scared off by .tar.gz then you're guaranteed to
> fail anyway.

I don't know - maybe in your inexperience you have a windowsy perl book
(there are some out there) or a poor cgi book to work from that never
mentions tgz or .tar.gz - its an additional obstacle - they'd only go an
use MSA.

A.

-- 
http://termisoc.org/~betty"> Betty @ termisoc.org 
"As a youngster Fred fought sea battles on the village pond using a 
complex system of signals he devised that was later adopted by the Royal 
Navy. " (this email has nothing to do with any organisation except me)

Re: Matt's Scripts Projects

[David Cantrell]

On Tue, Mar 20, 2001 at 05:48:25PM +, Michael Stevens wrote:
> On Tue, Mar 20, 2001 at 05:38:09PM +, David Cantrell wrote:
> > Then they deserve to be hurt.  Really.  We can't possibly support
> > dribbling idiots, and frankly, I have no wish to do so.  If someone is
> > scared by a .tar.gz extension then they have no business installing
> > software.  Even if just for their own use.
> 
> I thought one of the goals of this project was to support "dribbling
> idiots"?

Idiots maybe, but not those who are sooo lacking in necessary skills that
they are scared by gzipped tarballs.  Don't forget, these morons are
going to have to know how to get the files to their server, do the
appropriate chmodding, tweak config variables in the script - if you're
clueless enough to be scared off by .tar.gz then you're guaranteed to
fail anyway.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts Projects

[David Cantrell]

On Tue, Mar 20, 2001 at 11:43:08AM -0500, Chris Devers wrote:

> ...except that the Windows extension hiding feature only applies to files seen 
>through the normal filesystem tools (Windows Explorer, various dialog boxes, etc), 
>and not Internetty stuff. People might still be scared off by seeing a web or ftp 
>site that doesn't have any .zip files...

Then they deserve to be hurt.  Really.  We can't possibly support
dribbling idiots, and frankly, I have no wish to do so.  If someone is
scared by a .tar.gz extension then they have no business installing
software.  Even if just for their own use.



-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts Projects

[Robin Szemeti]

On Tue, 20 Mar 2001, you wrote:
> All this is pre-ir35:
> > as a employee of a limited company you would be paid national minimum
> > wage (4 quid an hour) .. you pay NIC and tax on that ... (minimal) .. you
> > claim expenses off the (ie your own) company for all the driving around
> > you do and having to buy things and accomodation whilst away from home etc
> > ... and  whats left in the company coffers is profit. This has advance
> > corporation tax paid at 20% and ends up in the pockets of the
> > shareholders as tax free income upto 30K each a year
> 
> Rubbish ;)  its NIC free, not tax free.

true, technically its not tax free ..  as the company has paid 20% on
it which is only 2% less (or is it 3%) less than basic rate. the big
saving is if you are able to split it across 2 shareholders eg you and
your wife, thus avoiding the 40% thing. for reasons less than clear to me
this money is treated as being +10% gross (ie for every 1000 pounds you
get it counts as 1100 pounds of tax-paid income .. but hey, thats what I
pay the accountant for, to understand this sort of nonsense.


> >  .. and if the share
> > holders happen to be say, you and your wife then thats a cute way of
> > getting 70K from a contract into your pockets and only paying ~ 15% tax
> > overall on it ...  now do you see why they introduced IR35 as a way of
> > trying to stop it .. ;)))
> 
> No, thats what the self-assessment form is for at the end of the year.

so long as you have paid your NIC and PAYE throughout the year and kept a
careful eye on how much the divvies come to then there should be little
else to pay ... 80~85% in your pocket is quite achievable... this is of
course when you suddenly reallise that youve been giving out divvies far
too frequently and you had an effective income of 60K each .. and that
you;ve already spent it all and owe the taxman $LOTS. ;)

the other big advantage of a limited company is that it allows you to
decide when to release the money .. as a sole trader if you earn shed
loads one year it all counts as income for that year .. with a limited
company you might decide that the dividend would not be paid until say ..
the end of April, thus it would count towards your income for next year
and avoid the 40% thing .. which if you take a lot of holidays or find it
difficult to get a contract could be advantageous to be able to do that
sort of thing from time to time.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

RE: Matt's Scripts Projects

[Chris Devers]

At 04:07 PM 20.3.2001 +, you wrote:
>> Not neccesary from a techical point of view.  Neccesary from a 
>> social point of view (What's this extension!  I don't understand!  
>> What's going on!  
>
>Except that windows machines tend not to even show the extension by
>default, and so the file will just have a little WinZip icon[0], which 
>means they should be happy. 

...except that the Windows extension hiding feature only applies to files seen through 
the normal filesystem tools (Windows Explorer, various dialog boxes, etc), and not 
Internetty stuff. People might still be scared off by seeing a web or ftp site that 
doesn't have any .zip files...

>Oh no, wait a minute, I think it uncompresses the .gz bit then prompts 
>for what to do with the .tar bit, which might scare them off.

That too -- that's a pain in the arse: it ends up adding a seemingly superfluous step 
to the process that could be off-putting to Win-natives. 



--
Chris Devers [EMAIL PROTECTED]

Re: Matt's Scripts Projects

[Redvers Davies]

All this is pre-ir35:
> as a employee of a limited company you would be paid national minimum
> wage (4 quid an hour) .. you pay NIC and tax on that ... (minimal) .. you
> claim expenses off the (ie your own) company for all the driving around
> you do and having to buy things and accomodation whilst away from home etc
> ... and  whats left in the company coffers is profit. This has advance
> corporation tax paid at 20% and ends up in the pockets of the
> shareholders as tax free income upto 30K each a year

Rubbish ;)  its NIC free, not tax free.

>.. and if the share
> holders happen to be say, you and your wife then thats a cute way of
> getting 70K from a contract into your pockets and only paying ~ 15% tax
> overall on it ...  now do you see why they introduced IR35 as a way of
> trying to stop it .. ;)))

No, thats what the self-assessment form is for at the end of the year.

Re: Matt's Scripts Projects

[Robin Szemeti]

On Tue, 20 Mar 2001, you wrote:
> - Original Message -
> From: "Robin Szemeti" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, March 20, 2001 3:06 PM
> Subject: Re: Matt's Scripts Projects
> 
> 
> > On Tue, 20 Mar 2001, you wrote:
> > apart from that the benfits of running as a Limited Company are large
> > (ish) assuming you can escape from the clutches of IR35. by careful
> > handling of the way you do things your overall tax and NIC burden can be
> > 'effectivley managed' and you should see 80~85% of what you earn actually
> > ending up in your pocket.
> 
> but iosn;t the same true when acting as a Sole Trader ?  You still invoice
> people as you would as a Limited Company (I asked an accountant friend of
> mine for advice and he suggested I go with Sole Trader which is why I'm
> asking)

nope nothing like.

as sole trader all monies received (- expenses) are treated as income ..
thus you pay NIC on the whole lot .. tax at 23% or whatever up to 30K and
then tax at 40% above 30k(ish). 

as a employee of a limited company you would be paid national minimum
wage (4 quid an hour) .. you pay NIC and tax on that ... (minimal) .. you
claim expenses off the (ie your own) company for all the driving around
you do and having to buy things and accomodation whilst away from home etc
... and  whats left in the company coffers is profit. This has advance
corporation tax paid at 20% and ends up in the pockets of the
shareholders as tax free income upto 30K each a year  .. and if the share
holders happen to be say, you and your wife then thats a cute way of
getting 70K from a contract into your pockets and only paying ~ 15% tax
overall on it ...  now do you see why they introduced IR35 as a way of
trying to stop it .. ;)))

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

RE: Matt's Scripts Projects

[Matthew Jones]

> Not neccesary from a techical point of view.  Neccesary from a social
> point of view (What's this extension!  I don't understand!  
> What's going on!  

Excewpt that windows machines tend not to even show the extension by
default, and so the file will just have a little WinZip icon[0], which means
they should be happy. 

Oh no, wait a minute, I think it uncompresses the .gz bit then prompts for
what to do with the .tar bit, which might scare them off.

Just shut up, matt. 

-- 
matt
"'scuse me trooper, will you be needing any packets today?
hey, baby, don't be pulling on my socket, okay?"

[0] Or whatever handles .tar.gz on their machine.

Re: Matt's Scripts Projects

[Redvers Davies]

> here.  Those of you who have yor own company.  Did you set yourselves up as
> a Limited Company, or as a Sole Trader.  If you set yourself up as a limited
> company did/do you have liability insurance etc.

Ltd, with insurance.

Re: Matt's Scripts Projects

[brianr]

Marty Pauley writes:
 > On Tue Mar 20 11:46:25 2001, Gareth Harper wrote:
 > > On a completely off topic note I'm appealing to the contractors among you
 > > here.  Those of you who have yor own company.  Did you set yourselves up as
 > > a Limited Company, or as a Sole Trader.  If you set yourself up as a limited
 > > company did/do you have liability insurance etc.
 > 
 > Limited Company.  Clients and agents all seem happier when dealing with
 > a Limtied Company.  Many just assume you have one and you could have a
 > few problems getting paid if you don't.
 > 
 > I don't have liability insurance, but don't look at me as a good
 > example: I paid my tax a year late, and keep forgetting to send in my
 > VAT returns!

That pretty much describes me too.

Regarding insurance, the PCG (http://www.pcgroup.org.uk) have arranged
deals on professional indemnity and medical insurance which may be
worth a butchers.

-- 
Brian Raven

My arthritic pinkies are already starting to ache just thinking about =.
 -- Larry Wall in <[EMAIL PROTECTED]>

Re: Matt's Scripts Projects

[Simon Wilcox]

At 15:40 20/03/2001 +, Gareth Harper wrote:
>- Original Message -
>From: "Robin Szemeti" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, March 20, 2001 3:06 PM
>Subject: Re: Matt's Scripts Projects
>
>
> > On Tue, 20 Mar 2001, you wrote:
> > apart from that the benfits of running as a Limited Company are large
> > (ish) assuming you can escape from the clutches of IR35. by careful
> > handling of the way you do things your overall tax and NIC burden can be
> > 'effectivley managed' and you should see 80~85% of what you earn actually
> > ending up in your pocket.
>
>but iosn;t the same true when acting as a Sole Trader ?  You still invoice
>people as you would as a Limited Company (I asked an accountant friend of
>mine for advice and he suggested I go with Sole Trader which is why I'm
>asking)

IANAL but I think that clients become liable for paying certain dues, NI 
IIRC, if you, as a sole trader or casual worker, are based on a client 
site, directed by the client, for a long period of time (for some value, 
unknown to me, of "long").

By retaining a limited company, the client is absolved of this obligation.

There could be other reasons or this reason could be completely false. It's 
been several years since I looked at this.

Simon.

Re: Matt's Scripts Projects

[Gareth Harper]

- Original Message -
From: "Robin Szemeti" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 3:06 PM
Subject: Re: Matt's Scripts Projects


> On Tue, 20 Mar 2001, you wrote:
> apart from that the benfits of running as a Limited Company are large
> (ish) assuming you can escape from the clutches of IR35. by careful
> handling of the way you do things your overall tax and NIC burden can be
> 'effectivley managed' and you should see 80~85% of what you earn actually
> ending up in your pocket.

but iosn;t the same true when acting as a Sole Trader ?  You still invoice
people as you would as a Limited Company (I asked an accountant friend of
mine for advice and he suggested I go with Sole Trader which is why I'm
asking)

Thanks

Gareth Harper

Re: Matt's Scripts Projects

[Robin Szemeti]

On Tue, 20 Mar 2001, you wrote:
> On Tue Mar 20 11:46:25 2001, Gareth Harper wrote:
> > On a completely off topic note I'm appealing to the contractors among you
> > here.  Those of you who have yor own company.  Did you set yourselves up as
> > a Limited Company, or as a Sole Trader.  If you set yourself up as a limited
> > company did/do you have liability insurance etc.
> 
> Limited Company.  Clients and agents all seem happier when dealing with
> a Limtied Company.  Many just assume you have one and you could have a
> few problems getting paid if you don't.

apart from that the benfits of running as a Limited Company are large
(ish) assuming you can escape from the clutches of IR35. by careful
handling of the way you do things your overall tax and NIC burden can be
'effectivley managed' and you should see 80~85% of what you earn actually
ending up in your pocket.

If the money was paid to you as a salary you'd be lucky to see 50% of
it.  It also reduces the NIC burden on the employer... by removing the
12.2% employers contribution, so they can afford to pay you even more :)) 

So Limited Company everytime if you can .. works best for both sides. The
costs of setup are small, the costs (in terms of time to admin it) is
small (1 hour a week max, plus a couple of days at some poin tduring hte
year to get it all together and hassle the accountant) but the benfits,
financially are significant.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts Projects

[Marty Pauley]

On Tue Mar 20 11:46:25 2001, Gareth Harper wrote:
> On a completely off topic note I'm appealing to the contractors among you
> here.  Those of you who have yor own company.  Did you set yourselves up as
> a Limited Company, or as a Sole Trader.  If you set yourself up as a limited
> company did/do you have liability insurance etc.

Limited Company.  Clients and agents all seem happier when dealing with
a Limtied Company.  Many just assume you have one and you could have a
few problems getting paid if you don't.

I don't have liability insurance, but don't look at me as a good
example: I paid my tax a year late, and keep forgetting to send in my
VAT returns!

-- 
Marty

Re: Matt's Scripts Projects

[Gareth Harper]

- Original Message -
From: "Robert Shiels" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 12:12 PM
Subject: Re: Matt's Scripts Projects


> > - Original Message -
> > From: "Jonathan Stowe" <[EMAIL PROTECTED]>
> > > Dave Cross <[EMAIL PROTECTED]> said:
> >
> > > > * Bundling. Need to build gzipped tarballs of our new versions (I
> > > guess
> > > > this should be built on top of the CVS stuff). Matt makes pkzipped
> > > > versions avaiable as well - so should we.
> >
> > Winzip (what most windows users these days use to unzip) handlers tar.gz
> by
> > default so that may not be neccesary.
>
> If all the files are created in unix, they may well not have \n\r at the
end
> of the lines, which make them a bugger to edit in notepad (wordpad and
even
> edit handle them OK though.) So I think the archive should have windows
> versions of the text files that work in notepad.
>

CVS (I use GNU winCVS in windows) handles all these conversions for you, but
if someone wants to download a zip (whatever format) or a certain script (or
doesn't care about CVS) then the zip will need to contain the \n\r.

Re: Matt's Scripts Projects

[Robert Shiels]

> - Original Message -
> From: "Jonathan Stowe" <[EMAIL PROTECTED]>
> > Dave Cross <[EMAIL PROTECTED]> said:
>
> > > * Bundling. Need to build gzipped tarballs of our new versions (I
> > guess
> > > this should be built on top of the CVS stuff). Matt makes pkzipped
> > > versions avaiable as well - so should we.
>
> Winzip (what most windows users these days use to unzip) handlers tar.gz
by
> default so that may not be neccesary.

If all the files are created in unix, they may well not have \n\r at the end
of the lines, which make them a bugger to edit in notepad (wordpad and even
edit handle them OK though.) So I think the archive should have windows
versions of the text files that work in notepad.

/Robert

Re: Matt's Scripts Projects

[Dominic Mitchell]

On Tue, Mar 20, 2001 at 11:51:26AM +, Michael Stevens wrote:
> On Tue, Mar 20, 2001 at 11:46:25AM -, Gareth Harper wrote:
> > Winzip (what most windows users these days use to unzip) handlers tar.gz by
> > default so that may not be neccesary.
> 
> Yes, but I think we should have .zip files because the users may
> not know this.

Also, we have nice easy zip-creation tools under Unix, so it shouldn't
be a bear.  If you've got a module using MakeMaker, you can do "make
zipdist" for an example of how to go about using them.

-Dom

Re: Matt's Scripts Projects

[Mark Fowler]

On the subject of having zip archives as well as tarballs on the server,
Gareth Harper said:
 
> Winzip (what most windows users these days use to unzip) handlers tar.gz by
> default so that may not be neccesary.

Not neccesary from a techical point of view.  Neccesary from a social
point of view (What's this extension!  I don't understand!  What's going
on!  What are all these weird charges from AOL?  etc)

Later.

Mark.

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

Re: Matt's Scripts Projects

[Gareth Harper]

- Original Message -
From: "Jonathan Stowe" <[EMAIL PROTECTED]>
> Dave Cross <[EMAIL PROTECTED]> said:



> > * Bundling. Need to build gzipped tarballs of our new versions (I
> guess
> > this should be built on top of the CVS stuff). Matt makes pkzipped
> > versions avaiable as well - so should we.
> >
>
> This should probably done on the CVS server.

Winzip (what most windows users these days use to unzip) handlers tar.gz by
default so that may not be neccesary.

On a completely off topic note I'm appealing to the contractors among you
here.  Those of you who have yor own company.  Did you set yourselves up as
a Limited Company, or as a Sole Trader.  If you set yourself up as a limited
company did/do you have liability insurance etc.

Thanks
Gareth Harper

Re: Matt's Scripts Projects

[Jonathan Stowe]

Dave Cross <[EMAIL PROTECTED]> said:

> 
> Seems like we've made a reasonable start on this project. We already
> have a few scripts written - anyone want to report progress on any 
of 
> the others?

I have Guestbook, FFA and simple search all ready to for testing 
elsewhere - I'll package and upload them somewhere this evening.

I looked at wwwboard as well and discovered that I had got as far as 
making it strict and use CGI.pm so whover is working on that can have 
my work in progress if they want :)

> 
> What we need now is to start to impose some structure on the 
project.
> Here are a few ideas:
> 
> * CVS Repository (on Penderel?)
> 
> * Testing both our versions and the originals on as many platforms 
as
> possible. Ensuring that our scripts do the same thing as Matt's.
> 
> * Licensing. Matt has a huge great license on all of his scripts. We
> should replace it with the standard "under the same tersm as Perl
> itself" statement.
> 
> * Copyright. All the scripts (and the HTML pages) have Matt's 
copyright.
> We should change that to ours.
> 
> * HTML. Most of the scripts have associated HTML pages. I've not 
looked
> at them yet, but judging by the HTML I've seen in the scripts I've 
> looked at, Matt's HTML isn't much better than his Perl. I'd 
recommend
> changing all the HTML to XHTML.
>

I have run tidy over all of it and converted it to HTML 4 
Transitional but XHTML would be just as easy.  I can download the 
rest of the scripts and then fix the associated HTML too.
 
> * Bundling. Need to build gzipped tarballs of our new versions (I 
guess
> this should be built on top of the CVS stuff). Matt makes pkzipped
> versions avaiable as well - so should we.
> 

This should probably done on the CVS server.

> * Web page. Need somewhere to point potential users at. Probably two
> versions - one for the developers and one for the users. This can be
> a subdirectory on london.pm.org.
> 

Unfortunately because I am without laptop at the moment things are a 
bit difficult - I have had to press my very old machine into service.

Oh BTW are we allowing POSIX in ?  I had used that in the Guestbook 
for strftime ...

/J\
-- 
I'm obviously challenged at the moment give me a break.

Re: Matt's Scripts Projects

[Simon Wilcox]

At 14:59 19/03/2001 +, Simon Wistow wrote:
>Chris Devers wrote:
>
> > Probably, as is "The Matt's Wrong Archive", which is probably far
> > too negative & obvious anyway... ;)
>
>But if Matt Sergeant put it up ...

... it would all be in XML ;-)

Re: Matt's Scripts Projects

[Simon Wistow]

Chris Devers wrote:

> Probably, as is "The Matt's Wrong Archive", which is probably far
> too negative & obvious anyway... ;)

But if Matt Sergeant put it up ...

Re: Matt's Scripts Projects

[Chris Devers]

At 01:12 PM 19.3.2001 +, Simon Wilcox wrote:
>At 12:40 19/03/2001 +, Mark Fowler wrote:
>>It has occured to us we need a decent name for this.  Discussion 
>>on IRC has concluded that:
>>
>> a) It shouldn't mention Matt in the title.
>
>So "Not the Matt Wright Archive" is out then ;-)

Probably, as is "The Matt's Wrong Archive", which is probably far 
too negative & obvious anyway... ;)




--
Chris Devers [EMAIL PROTECTED]

Re: Matt's Scripts Projects

[Robert Shiels]

From: "Simon Wilcox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: 19 March 2001 13:34
Subject: Re: Matt's Scripts Projects


> At 13:18 19/03/2001 +, Mark Fowler wrote:
> >On Mon, 19 Mar 2001, Simon Wilcox wrote:
> >
> > > >  b) That is should have a name that appeals to newbies.
> > >
> > > How about EasyScripts ? the domain name is available, anyway.
> >
> >Not very perl, but I like it.  Something similar though.
> 
> EasyPerlScripts or even EZPerlScripts (for the American audience :) ?
> 
EZPS, pronounced Easy Peas :-)

/Robert 

RE: Matt's Scripts Projects

[Simon Batistoni]

> At 13:18 19/03/2001 +, Mark Fowler wrote:
> >On Mon, 19 Mar 2001, Simon Wilcox wrote:
> >
> > > >  b) That is should have a name that appeals to newbies.
> > >
> > > How about EasyScripts ? the domain name is available, anyway.
> >
> >Not very perl, but I like it.  Something similar though.
>
> EasyPerlScripts or even EZPerlScripts (for the American audience :) ?

My own two-penn'orth would be that it's better without the 'perl'. It's
easier to say, easier to type, and to be honest, the target audience for
Matt's archive don't give a monkeys what language the script is written in.
They're told they want "a guestbook script", they go get "a guestbook
script."

Perl can be emphasised in the text of the page, and brought to the fore when
you come to optimise the page to be found in search engines, etc etc.


It's also more generic, which means you can legitimately 'funnel in'
websurfers who are looking for PHP scripts, and then brainwash^Weducate them
as to why they don't want that shit, they want *this* shit.

--
Simon Batistoni   userfrenzy
[EMAIL PROTECTED]
+44 7209 4117

Re: Matt's Scripts Projects

[Simon Wilcox]

At 13:18 19/03/2001 +, Mark Fowler wrote:
>On Mon, 19 Mar 2001, Simon Wilcox wrote:
>
> > >  b) That is should have a name that appeals to newbies.
> >
> > How about EasyScripts ? the domain name is available, anyway.
>
>Not very perl, but I like it.  Something similar though.

EasyPerlScripts or even EZPerlScripts (for the American audience :) ?

>
> > >  c) It should sound at least semi-professional[1].
> >
> > Can we make use of the PerlMonger connection and/or use the Programming
> > Republic logo ?
>
>Yes, IMHO, though IANAL.
>
>http://www.pm.org/faq.shtml
>http://republic.perl.com/logo.html
>
>The perl mongers logo is a little on the big size (and we're not allowed
>to resize it.)

Maybe a page that says "Who did this ?" & "Why did we do it ?" and fit the 
logo in there ?

Perhaps we should try and get the project endorsed in some way so that we 
can say "The Perl Mongers bring you Easy Perl Scripts" ?

But now I'm descending into Marketing so I'll shut up !

S.

Re: Matt's Scripts Projects

[Dave Cross]

At Mon, 19 Mar 2001 12:27:57 + (GMT), jo walsh <[EMAIL PROTECTED]> wrote:
> 
> > * CVS Repository (on Penderel?)
> i can sort this, perhaps with veeghelp.
> for leon and marcel's aspect oriented programming project we started a
> /home/projects directory, we could put the not-matt stuff in there 
> and CVS all of it, and make a dev group as well as the www group we 
> are using now would we want public access to part or all of the cvs 
> repository?

Sounds like a good plan to me. No strong opinions here about public
access to CVS. Anyone else?

Dave...

Re: Matt's Scripts Projects

[Mark Fowler]

On Mon, 19 Mar 2001, Simon Wilcox wrote:

> >  b) That is should have a name that appeals to newbies.
> 
> How about EasyScripts ? the domain name is available, anyway.

Not very perl, but I like it.  Something similar though.
 
> >  c) It should sound at least semi-professional[1].
> 
> Can we make use of the PerlMonger connection and/or use the Programming 
> Republic logo ?

Yes, IMHO, though IANAL.

http://www.pm.org/faq.shtml
http://republic.perl.com/logo.html

The perl mongers logo is a little on the big size (and we're not allowed
to resize it.)

Later.

Mark.

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

RE: Matt's Scripts Projects

[Clarke, Darren]

Title: RE: Matt's Scripts Projects





I was going to suggest 'Perl Is Simply Super' but frankly the acronym lets it down :¬P


Regards,


Darren Clarke
Neophyte
[EMAIL PROTECTED]

Re: Matt's Scripts Projects

[Simon Wilcox]

At 12:40 19/03/2001 +, Mark Fowler wrote:
>It has occured to us we need a decent name for this.  Discussion on IRC
>has concluded that:
>
>  a) It shouldn't mention Matt in the title.

So "Not the Matt Wright Archive" is out then ;-)

>  b) That is should have a name that appeals to newbies.

How about EasyScripts ? the domain name is available, anyway.

>  c) It should sound at least semi-professional[1].

Can we make use of the PerlMonger connection and/or use the Programming 
Republic logo ?

Simon.

Re: Matt's Scripts Projects

[Mark Fowler]

It has occured to us we need a decent name for this.  Discussion on IRC
has concluded that:

 a) It shouldn't mention Matt in the title.
 b) That is should have a name that appeals to newbies.
 c) It should sound at least semi-professional[1].

But apart from that we've been useless

Later.

Mark.

[1] Okay, so I added this one myself, but I think it's a good idea.

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

Re: Matt's Scripts Projects

[jo walsh]

> * CVS Repository (on Penderel?)
i can sort this, perhaps with veeghelp.
for leon and marcel's aspect oriented programming project we started a
/home/projects directory, we could put the not-matt stuff in there and CVS
all of it, and make a dev group as well as the www group we are using now
would we want public access to part or all of the cvs repository?

jo



ps sorry about the bounces from abduction.org btw :(

Re: Matt's Scripts Projects

[Mark Fowler]

On Mon, 19 Mar 2001, Dave Cross wrote:

> * Web page. Need somewhere to point potential users at. Probably two
> versions - one for the developers and one for the users. This can be
> a subdirectory on london.pm.org.

I don't mind doing this bit of it.  I would quite like the idea of
creating a few web pages for someone other than myself or for work for a
bit, unless anyone's got any objections...

Later.

Mark.

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

Re: Matt's Scripts

[Jonathan Stowe]

On Tue, 13 Mar 2001, Dave Cross wrote:

> OK, here's a list of Matt's scripts. If you'd like to have a go at 
> rewriting one or two under the rules we've discussed (no external modules, 
> -T, use strict, -w, etc), put you name next to it on this list.
> 
> Guestbook  jns
> WWWboard   jns
> Counter
> Formmail
> Random Image Displayer
> Random Link Generator
> Textclock
> Countdown
> Free For All Links jns
> Simple Search  jns
> Textcounter
> HTTP Cookie Library
> SSI Random Image Generator
> Random Text
> Animation
> 

/J\
-- 
Jonathan Stowe <[EMAIL PROTECTED]>
http://www.btinternet.com/~gellyfish/
http://www.gellyfish.com

Re: Matt's Scripts

[Jonathan Stowe]

On Tue, 13 Mar 2001, Dave Cross wrote:

> OK, here's a list of Matt's scripts. If you'd like to have a go at 
> rewriting one or two under the rules we've discussed (no external modules, 
> -T, use strict, -w, etc), put you name next to it on this list.
> 
> Simple Search

Oh I have done that one as well :)

/J\
-- 
Jonathan Stowe <[EMAIL PROTECTED]>
http://www.btinternet.com/~gellyfish/
http://www.gellyfish.com

Re: Matt's Scripts - Rand image..

[Dave Cross]

At 16:44 16/03/2001, you wrote:
>Leo Lapworth <[EMAIL PROTECTED]> writes:
>
> > This is not the same as those which daveh is writting,
> > main difference is it doesn't have configuration files
> > or code!
>
>Ah. This is probably a good time to back out. One of the other Daves
>beat me to it, and far better than I would have done it and I've got
>my VAT to do before I go to Tokyo.
>
>I'll buy whoever _does_ do mine a beer or two at the next pm meeting
>we're both at.

I did the random _text_ one. Anyone else want to take on the rest of Dave 
H's stuff as I took one over from Alex earlier this week.

Dave...



-- 
  SMS: [EMAIL PROTECTED]

Data Munging with Perl 

Re: Matt's Scripts - Rand image..

[Dave Hodgkinson]

Leo Lapworth <[EMAIL PROTECTED]> writes:

> This is not the same as those which daveh is writting,
> main difference is it doesn't have configuration files
> or code!

Ah. This is probably a good time to back out. One of the other Daves
beat me to it, and far better than I would have done it and I've got
my VAT to do before I go to Tokyo.

I'll buy whoever _does_ do mine a beer or two at the next pm meeting
we're both at.

-- 
Dave Hodgkinson, http://www.hodgkinson.org
Editor-in-chief, The Highway Star   http://www.deep-purple.com
  Interim CTO, web server farms, technical strategy
   

Re: Matt's Scripts - Rand image..

[Leo Lapworth]

Hi Guys,

I've created a random image generator (not Matt complient)
that I needed for a friend. Please feel fee to put it
in the collection.

This is not the same as those which daveh is writting,
main difference is it doesn't have configuration files
or code!

http://totoro.cuckoo.org/rand_image.txt

Thanks to the folks on IRC for some tidying ideas.

Cheers

Leo

Re: Matt's Scripts

[Robert Shiels]

Subject: Re: Matt's Scripts


> > > is there an idiot-proof graphical front-end for scp? windows?
> > 
> > On Windows I use pscp which comes from the same people as putty. It
> > works well, but it doesn't have a pretty graphical front-end.
> 
> Yes there is.  http://www.i-tree.org/ixplorer.htm. 
> 
> I suggest you peeps read http://www.openssh.org/windows.html which lists
> alternatives

FYI

I've found a site that looks pretty useful, and the following link

http://www.cotse.com/secureftp.htm

gave me a nice overview, with links, on the secure ftp topic.

/Robert

Re: Matt's Scripts

[Robin Szemeti]

On Thu, 15 Mar 2001, you wrote:
> >  now where is 
> > 'merlin' when you need him :) 
> 
> ITYM 'merlyn' (or 'q[merlyn]').

ahh yes .. you have the better of me there.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts

[Dave Hodgkinson]

David Cantrell <[EMAIL PROTECTED]> writes:

> It is indeed lovely.  Although you don't need to do tunnelling magic:
>   rsync -options -e ssh source-list me@myserver:/destination

rsync is a wonderful beast. The -a and -z options, accompanied by
--progress (if they're big files) and --delete (for true mirroring).



-- 
Dave Hodgkinson, http://www.hodgkinson.org
Editor-in-chief, The Highway Star   http://www.deep-purple.com
  Interim CTO, web server farms, technical strategy
   

Re: Matt's Scripts

[Philip Newton]

Robin Szemeti wrote:
> of course if you _did_ want to discover a users password its
> not that hard .. there are ways ... I believe we have some
> world renowned experts on the topic at hand ... now where is 
> 'merlin' when you need him :) 

ITYM 'merlyn' (or 'q[merlyn]').

HTH. HAND.

Cheers,
Philip
-- 
Philip Newton <[EMAIL PROTECTED]>
All opinions are my own, not my employer's.
If you're not part of the solution, you're part of the precipitate.

Re: Matt's Scripts

[David H. Adler]

On Wed, Mar 14, 2001 at 03:16:17PM +, David Cantrell wrote:
> On Wed, Mar 14, 2001 at 12:46:45PM +, Jon Eyre wrote:
>  
> > oops...
> 
> Heh.  Just remember, Evil Dave is the paranoid nutcase, Dave Cross is the
> one with the gold-plated cat.

I wonder what that leaves me with.

On the other hand, I probably don't want to know...

dha

-- 
David H. Adler - <[EMAIL PROTECTED]> - http://www.panix.com/~dha/
"Perl Porters, Inc. today announced the release of version .006 of
their popular Perl5 compiler suite, codenamed `Rabid Rat'."
- Nathan Torkington on p5p (this was a *joke*)

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 06:44:55PM +, Robin Szemeti wrote:

> I dont have a problem with scp .. but  I can see it would annoy the drag
> and drop brigade ... it works for me and I script those batch transfers
> and site updates anyway .. I keep meaning to look at rsync over an ssh
> tunnel but never seem to find the time.

It is indeed lovely.  Although you don't need to do tunnelling magic:
  rsync -options -e ssh source-list me@myserver:/destination

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 06:28:03PM +, Robin Szemeti wrote:
> On Wed, 14 Mar 2001, you wrote:
> 
> > That's a matter of setting policy.  If there's no policy in place to
> > prevent that, then you can expect people to do it.  If you have a security
> > policy which states that you will fire people for such gross breaches -
> > and more importantly, you *enforce* it - then it won't happen more than
> > once or twice.
> 
> ahh .. 'enforce' .. lets be clear here .. when you say 'fire' someone are
> we talking about simple termination of employment, something involving a
> large cannon or something involving a stake some rope and a quantity of
> firewood? .. i believe 1) is popular in the coporate world but BOFH's
> realise that no 3) is more likely to win respect of the front line troops.

All three.  One for the legal and bean-county folks (got to stop their
pension contribs and salary you know - that frees up the budget for
getting another underling^Wassistant); Two to tenderise them before
cooking them with number three.  To *really* make an example of them, you
feed the results to the ex-cow-orkers.

> > Anyway, how on earth can the helldesk grunts get at passwords?  Not even
> > the sysadmin should be able to tell you a user's password. They should
> > *never* be stored in plain-text.  If they are, fire the sysadmin.
> 
> never a truer word ...  of course if you _did_ want to discover a users
> password its not that hard .. there are ways ... I believe we have some
> world renowned experts on the topic at hand ... now where is 'merlin' when
> you need him :) 

If crack works in reasonable time, then you should fire the sysadmin.  It
is essential nowadays to use something like MD5 shadow passwords and not
just plain ol' crypt.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts

[Robin Szemeti]

On Wed, 14 Mar 2001, you wrote:
> On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote:
> > WebDAV is not OK, cos it means installing yet more stuff on the server
> > which is simply not needed.  If a user can't use scp, then I don't want
> > that user.  I mean, it's not hard FFS.
> 
> Admittedly rather unscientific research has shown you're actually wrong -
> lots of users find it very hard.

nope .. you are answering a different question .. .

NO, it's not hard FFS.

but YES, lots of users find it very hard

this is not because it is actually hard, but because most users are
painfully clueless., and he doesn;t want em .. or indeed need em. the
world is full of users (lusers ?) and you jsut can do without the
painfully clueless ones .. there are many out there to chose from. Worse
still the painfully clueless ones are the ones who will require the most
idiotic handholding and  AND want to pay the least for the service ...

there is a rather good ISP on Hawaii that plainly states 'the service is
not suitable for clueless users' .. ring em up and ask too many docile
questions and they pull your account .. 

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

RE: Matt's Scripts

[Robin Szemeti]

On Wed, 14 Mar 2001, you wrote:

> Scp is not hard. Users should be able to use scp. However, the real point is
> that scp sucks. scp is to a sensible way of transfering files what
> command.com is to a good shell. scp is stateless. 

> scp makes you enter your
> password, again, all the time. 

err ... not if you use sshagent it doesnt

which is lightyears ahead of putting plain text FTP passowrd in your
.netrc file innit

> scp doesn't let you browse the remote machine

no .. but surely thats what ssh is for ?

> (hell, even ftp manages that). scp doesn't do ASCII conversion between
> differing architectures. 


> scp doesn't even let you upload two files from
> different directories in a single operation, where operation is defined in
> human rather than computer terms.

yes it does .. you can put multiple files in the source list using
absolut paths 

> sftp is obviously better in every respect than scp, and the only reason for
> inflicting scp on a user is to convince them to spend the cash on f-secure's
> sftp client for win|mac|whatever.

I dont have a problem with scp .. but  I can see it would annoy the drag
and drop brigade ... it works for me and I script those batch transfers
and site updates anyway .. I keep meaning to look at rsync over an ssh
tunnel but never seem to find the time.

> However, a million times better than any of these is to use SMB (just not
> with plain text pwords). And if the client really needs to constantly upload
> and download files in an encrypted state, setting up a VPN is the way to go,
> and then they can use whatever they want, presumably SMB or NFS if the pipe
> is at all reliable.

ugh .. SMB .. shiver ...

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts

[Robin Szemeti]

On Wed, 14 Mar 2001, you wrote:
> > Yes there is.  http://www.i-tree.org/ixplorer.htm. 
> 
> I've since installed WinSCP, from the list of alternatives on OpenSSH This
> is also based on PuTTY and isn't so, well, dodgy as iXplorer.  Forget I
> ever mentioned it.

Terraterm and TTSSH are what I have on the laptop for those 'emergency'
moments.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts

[Robin Szemeti]

On Wed, 14 Mar 2001, you wrote:

> enough people find moving/copying files on windows complex... when
> you start introducing a second computer...

hmmm I wouldn't place such creatures as far up the food chain as 'people'
.. but I know what you mean.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts

[Robin Szemeti]

On Wed, 14 Mar 2001, you wrote:

> > And they just give 'em out. No checks, no confirming with the
> > customers, nothing. There's little hope of 
> > securing stuff if people can be socially 
> > engineered so easily.
> 
> That's a matter of setting policy.  If there's no policy in place to
> prevent that, then you can expect people to do it.  If you have a security
> policy which states that you will fire people for such gross breaches -
> and more importantly, you *enforce* it - then it won't happen more than
> once or twice.

ahh .. 'enforce' .. lets be clear here .. when you say 'fire' someone are
we talking about simple termination of employment, something involving a
large cannon or something involving a stake some rope and a quantity of
firewood? .. i believe 1) is popular in the coporate world but BOFH's
realise that no 3) is more likely to win respect of the front line troops.

> Anyway, how on earth can the helldesk grunts get at passwords?  Not even
> the sysadmin should be able to tell you a user's password. They should
> *never* be stored in plain-text.  If they are, fire the sysadmin.

never a truer word ...  of course if you _did_ want to discover a users
password its not that hard .. there are ways ... I believe we have some
world renowned experts on the topic at hand ... now where is 'merlin' when
you need him :) 

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts

[Mike Jarvis]

Wednesday, March 14, 2001, 11:34:16 AM, grep wrote:

GM> * Dave Cross ([EMAIL PROTECTED]) wrote:

>> An admirable point of view in my opinion. Why would anyone possibly
>> want to run an ISP and have to deal with all the clueless people?

GM> Mike J, you used to work for AOL, you should be more than qualified
GM> to answer this one ;-)

There are far more clueless people in the universe than clueful.  As
long as their money is green, or has pictures of the queen, their cc
numbers pass mod 10,  or other appropriate symbols, they're good customers.

Also, back in the day, they didn't stay online as long as clueful
people do.  In fact, at one point 1/3rd of all AOL users logged on
once a month or less, but still paid the $10/month.  Those were the
best customers.  This is not as likely to happen these days though.

Some people even *become* clueful.  Believe it or not.

-- 
mike

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 03:50:14PM +, Struan Donald wrote:
> * at 14/03 15:22 + Michael Stevens said:
> > On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote:
> > > WebDAV is not OK, cos it means installing yet more stuff on the server
> > > which is simply not needed.  If a user can't use scp, then I don't want
> > > that user.  I mean, it's not hard FFS.
> > 
> > Admittedly rather unscientific research has shown you're actually wrong -
> > lots of users find it very hard.
> 
> enough people find moving/copying files on windows complex...

I said "it's not hard", not "no-one finds it hard".  Stupid people will
always find simple things difficult.  I recognise that there are stupid
people, I just want nothing to do with them.

If my sister - a computer-illiterate tree-hugger - can manage scp, then
it's not hard.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts

[Lucy McWilliam]

On Wed, 14 Mar 2001, Dominic Mitchell wrote:

> "In a recent survey, 9 out of 10 MS Windows users were found to have
>  difficulties maximising and moving their windows.  Macintosh users were
>  not admitted to the tests because they had difficulties with the door
>  handle at the lab where the tests were being conducted."

Re: Matt's Scripts

[Dominic Mitchell]

On Wed, Mar 14, 2001 at 03:22:59PM +, Michael Stevens wrote:
> On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote:
> > WebDAV is not OK, cos it means installing yet more stuff on the server
> > which is simply not needed.  If a user can't use scp, then I don't want
> > that user.  I mean, it's not hard FFS.
> 
> Admittedly rather unscientific research has shown you're actually wrong -
> lots of users find it very hard.

"In a recent survey, 9 out of 10 MS Windows users were found to have
 difficulties maximising and moving their windows.  Macintosh users were
 not admitted to the tests because they had difficulties with the door
 handle at the lab where the tests were being conducted."

-Dom

Re: Matt's Scripts

[Struan Donald]

* at 14/03 15:22 + Michael Stevens said:
> On Wed, Mar 14, 2001 at 04:10:02PM +, David Cantrell wrote:
> > WebDAV is not OK, cos it means installing yet more stuff on the server
> > which is simply not needed.  If a user can't use scp, then I don't want
> > that user.  I mean, it's not hard FFS.
> 
> Admittedly rather unscientific research has shown you're actually wrong -
> lots of users find it very hard.

enough people find moving/copying files on windows complex... when
you start introducing a second computer...

struan

Re: Matt's Scripts

[Greg McCarroll]

* Dave Cross ([EMAIL PROTECTED]) wrote:
> At Wed, 14 Mar 2001 16:10:02 +, David Cantrell <[EMAIL PROTECTED]> wrote:
> 
> > On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote:
> > 
> > > WebDAV is ok, but you'd need to run it over HTTPS to be secure.
> > 
> > WebDAV is not OK, cos it means installing yet more stuff on the server
> > which is simply not needed.  If a user can't use scp, then I don't 
> > want that user.  I mean, it's not hard FFS.
> 
> An admirable point of view in my opinion. Why would anyone possibly
> want to run an ISP and have to deal with all the clueless people?
> 
> Beats me.
> 

Mike J, you used to work for AOL, you should be more than qualified
to answer this one ;-)


-- 
Greg McCarroll  http://www.mccarroll.uklinux.net

Re: Matt's Scripts

[Jon Eyre]

On Wed, 14 Mar 2001, David Cantrell wrote:
> WebDAV is not OK, cos it means installing yet more stuff on the server
> which is simply not needed.

Using WebDAV on a internal staging server and then updating the live 
server with something rsync-ish using scp might be a good
usability/security compromise 

> If a user can't use scp, then I don't want
> that user.  I mean, it's not hard FFS.

alas, some of us don't get to choose our users...

j

Re: Matt's Scripts

[Mark Fowler]

> Yes there is.  http://www.i-tree.org/ixplorer.htm. 

I've since installed WinSCP, from the list of alternatives on OpenSSH This
is also based on PuTTY and isn't so, well, dodgy as iXplorer.  Forget I
ever mentioned it.

Seems to work well for me.  The interface is clunky (i.e. you have to
press F5 to copy rather than drag and drop) but is still something your
average windows user would have no problems using.

http://winscp.vse.cz/eng/   (we should have just googled for winscp in the 
 first place)

Later.

Mark.

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

RE: Matt's Scripts

[Jonathan Peterson]

> which is simply not needed.  If a user can't use scp, then I
> don't want
> that user.  I mean, it's not hard FFS.

Scp is not hard. Users should be able to use scp. However, the real point is
that scp sucks. scp is to a sensible way of transfering files what
command.com is to a good shell. scp is stateless. scp makes you enter your
password, again, all the time. scp doesn't let you browse the remote machine
(hell, even ftp manages that). scp doesn't do ASCII conversion between
differing architectures. scp doesn't even let you upload two files from
different directories in a single operation, where operation is defined in
human rather than computer terms.

sftp is obviously better in every respect than scp, and the only reason for
inflicting scp on a user is to convince them to spend the cash on f-secure's
sftp client for win|mac|whatever.

However, a million times better than any of these is to use SMB (just not
with plain text pwords). And if the client really needs to constantly upload
and download files in an encrypted state, setting up a VPN is the way to go,
and then they can use whatever they want, presumably SMB or NFS if the pipe
is at all reliable.

Re: Matt's Scripts

[Matthew Byng-Maddick]

On Wed, 14 Mar 2001, Dave Cross wrote:
> At Wed, 14 Mar 2001 16:10:02 +, David Cantrell <[EMAIL PROTECTED]> wrote:
> > On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote:
> > > WebDAV is ok, but you'd need to run it over HTTPS to be secure.
> > WebDAV is not OK, cos it means installing yet more stuff on the server
> > which is simply not needed.  If a user can't use scp, then I don't 
> > want that user.  I mean, it's not hard FFS.
> An admirable point of view in my opinion. Why would anyone possibly
> want to run an ISP and have to deal with all the clueless people?

Well, quite. Of course, if their computer hasn't got a queueing mail
system, then I don't want that either :)

MBM

-- 
Matthew Byng-Maddick   Home: <[EMAIL PROTECTED]>  +44 20  8980 5714  (Home)
http://colondot.net/   Work: <[EMAIL PROTECTED]> +44 7956 613942  (Mobile)
I don't know who my grandfather was; I am much more concerned to know what
his grandson will be.   -- Abraham Lincoln

Re: Matt's Scripts

[David Cantrell]

* at 14/03 14:59 + Mark Fowler said:

> > Do what we do.  Keep everything running, but shove a whopping great
> > ipchains (or firewall of choice) in the way.  If you want to access it,
> > ssh tunnel it first.

Would not ipsec be a better solution?  It's transparent to the users,
and more reliable than ssh tunnels which tend to drop if not used.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts (SCP)

[Greg McCarroll]

* Neil Ford ([EMAIL PROTECTED]) wrote:
> >On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote:
> >>  On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:
> >>
> >>  >is there an idiot-proof graphical front-end for scp? windows
> >>  >clients?
> >>
> >>  PuTTY.
> >
> >SCP for Windoz = http://winscp.vse.cz/eng/
> >SCP for Linux = well, command line scp or what ever else there is.
> >SCP for OSX = http://www.macorchard.com/ftp.html download Rbrowser
> 
> Also see Linux above, seeing as OS X has comes with OpenSSH. (10 days 
> and counting :-) )
> 

OS X shall be a truly wonderful thing, of course the fact that
it is even possible is down to the BSD license IIRC, discuss ...  

;-)

-- 
Greg McCarroll  http://www.mccarroll.uklinux.net

Re: Matt's Scripts

[Dave Cross]

At Wed, 14 Mar 2001 16:10:02 +, David Cantrell <[EMAIL PROTECTED]> wrote:

> On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote:
> 
> > WebDAV is ok, but you'd need to run it over HTTPS to be secure.
> 
> WebDAV is not OK, cos it means installing yet more stuff on the server
> which is simply not needed.  If a user can't use scp, then I don't 
> want that user.  I mean, it's not hard FFS.

An admirable point of view in my opinion. Why would anyone possibly
want to run an ISP and have to deal with all the clueless people?

Beats me.

Dave...

Re: Matt's Scripts

[Dominic Mitchell]

On Wed, Mar 14, 2001 at 03:13:46PM -, Jonathan Peterson wrote:
> >
> > There is a GUI front-end for pscp, available from
> > http://www.i-tree.org/, apparently, although I haven't tried it.
> 
> This is kind of flakey, and has trouble with stuff like files owned by a
> user or group with more than 8 characters in its name. This is because it
> determines filenames by doing ls and then counting a fixed number of columns
> in from the left. :-(

Well, if you've got Delphi handy, you can go in and fix it...

-Dom

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 03:01:17PM +, Dominic Mitchell wrote:

> WebDAV is ok, but you'd need to run it over HTTPS to be secure.

WebDAV is not OK, cos it means installing yet more stuff on the server
which is simply not needed.  If a user can't use scp, then I don't want
that user.  I mean, it's not hard FFS.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts (SCP)

[Chris Devers]

At 03:00 PM 14.3.2001 +, Leo Lapworth wrote:
>If anyone hears of a good gui SCP client for non-OSX mac's I'd
>really like to know (I've got users on my machine that need it!).

Can Fetch do it? At a glance, I don't see anything about SCP there, but then I've only 
done a cursory check; it may be in there somewhere. 




--
Chris Devers [EMAIL PROTECTED]

Re: Matt's Scripts (SCP)

[Neil Ford]

>On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote:
>>  On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:
>>
>>  >is there an idiot-proof graphical front-end for scp? windows
>>  >clients?
>>
>>  PuTTY.
>
>SCP for Windoz = http://winscp.vse.cz/eng/
>SCP for Linux = well, command line scp or what ever else there is.
>SCP for OSX = http://www.macorchard.com/ftp.html download Rbrowser

Also see Linux above, seeing as OS X has comes with OpenSSH. (10 days 
and counting :-) )

>SCP for Mac = http://www.macorchard.com/ftp.html download 
>NiftyTelnet (the open option has an SCP radio button)
>
>The Mac one is NASTY! - the OSX and Windoz ones are just like
>standard FTP clients (your computer on the left, remove server one the right).
>
>If anyone hears of a good gui SCP client for non-OSX mac's I'd
>really like to know (I've got users on my machine that need it!).
>
 me too! 

And if anyone finds a mac client that does SSH2 reliably, including 
port forwarding, using keys 'generated' using OpenSSH I'd be 
interested too.

Neil.
-- 
Neil C. Ford
Managing Director, Yet Another Computer Solutions Company
[EMAIL PROTECTED]

RE: Matt's Scripts

[Jonathan Peterson]

>
> There is a GUI front-end for pscp, available from
> http://www.i-tree.org/, apparently, although I haven't tried it.

This is kind of flakey, and has trouble with stuff like files owned by a
user or group with more than 8 characters in its name. This is because it
determines filenames by doing ls and then counting a fixed number of columns
in from the left. :-(

Re: Matt's Scripts

[Dominic Mitchell]

On Wed, Mar 14, 2001 at 03:08:03PM +, Struan Donald wrote:
> and people are worrying about plain scp confusing people? ssh
> tunneling is one of those things that appears close enough to magic
> that people assume it is. damn useful magic though.
> 
> plus it always seems such a pain on windows

It is.  And a word of warning in case anybody tries it:  Don't tunnel
ftp over ssh.  It doesn't work properly.  Only 1 tunnel goes over the
secure connection.  Admittedly, it keeps the password out of the way,
but it also leads to a false sense of security about your data being
encrypted.

-Dom (had to whinge to a Linux Journal author about this one)

Re: Matt's Scripts

[Greg McCarroll]

* Roger Burton West ([EMAIL PROTECTED]) wrote:
> On or about Wed, Mar 14, 2001 at 04:00:22PM +, Greg McCarroll typed:
> >* Dave Cross ([EMAIL PROTECTED]) wrote:
> >> They won't if you stop running the ftp daemon on the server :)
> >Rule one of security:
> > Ensure availability for authorised users
> 
> Rule zero of security:
>A system with no users is a system with no unauthorised users. For
> extra points, turn it off.
> 

best to destroy it, and crush it to powder then scatter it into the winds 
of the earth ;-)

oh and you might like to plant its CPU on hallowed ground just in case
its a lichOS system.

-- 
Greg McCarroll  http://www.mccarroll.uklinux.net

Re: Matt's Scripts

[Dominic Mitchell]

On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote:
> On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:
> >is there an idiot-proof graphical front-end for scp? windows 
> >clients?
> 
> PuTTY.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

In case anybody hasn't seen it, it's a very useful win32 ssh program
with a terminal emulator.  It even comes with an ssh-agent, which is
pretty damned useful.

Regarding scp, putty comes with pscp, a command line tool for uploading
files.  The next version also has a beginning implemntation of an sftp
client and the latest version of OpenSSH also comes with an sftp server,
which you could use.  It's still all command line though (and its not
released yet).

There is a GUI front-end for pscp, available from
http://www.i-tree.org/, apparently, although I haven't tried it.

I don't know, but you may be able to download an eval version of some
nicer copying tools courtesy of one of the professional ssh outfits.

-Dom

Re: Matt's Scripts

[Struan Donald]

* at 14/03 14:59 + Mark Fowler said:
> On Wed, 14 Mar 2001, Greg McCarroll wrote:
> > * Dave Cross ([EMAIL PROTECTED]) wrote:
> > > At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre <[EMAIL PROTECTED]> 
>wrote:
> > > > 
> > > > > My several users use scp.
> > > > 
> > > > is there an idiot-proof graphical front-end for scp? windows 
> > > > clients? my several users require them, or they'll just continue 
> > > > using ftp, because it's *easier*... 
> > > 
> > > They won't if you stop running the ftp daemon on the server :)
> > > 
> > 
> > Rule one of security:
> > Ensure availability for authorised users
> > 
> > this breaks it ;-)
> > 
> 
> Do what we do.  Keep everything running, but shove a whopping great
> ipchains (or firewall of choice) in the way.  If you want to access it,
> ssh tunnel it first.

and people are worrying about plain scp confusing people? ssh
tunneling is one of those things that appears close enough to magic
that people assume it is. damn useful magic though.

plus it always seems such a pain on windows

struan

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre wrote:

> > My several users use scp.
> 
> is there an idiot-proof graphical front-end for scp? windows 
> clients? my several users require them, or they'll just continue 
> using ftp, because it's *easier*... People are lazy, and security 
> measures which are a pain in the arse will fail to work because the 
> users will bypass them (summarizing from Schneier's Secrets and Lies). 

I'd like to see my users try to bypass them :-)  There is simply no
other way of uploading a file.  No ftp uploads, no rcp, no http uploads,
and none of the sneaky ways of getting in via smtp.  Oh, and no smb, no
appletalk, and no nfs server.  Of course, I don't acept idiots for
users.

But for Windows users, I recommend Secure iXplorer, for Mac users, macssh.

> >  All of them can put anything they want on there.
> > If you're doing hosting and letting people upload code, you have no choice
> > but to trust your users.  *BUT* by avoiding grotesqities like ftp, and by
> > setting permissions sanely, third-parties are hard-pressed to compromise
> > the server.
> 
> dealing with clients who can't remember or don't know
> usernames/passwords, and the subsequent calls to isp 
> helpdesks:
> 
> "Hello, I am from web agency X, we need ftp details for customer Y
> so we can upload their site."

Evil reply: "that's your fucking problem, ask your client"

> And they just give 'em out. No checks, no confirming with the
> customers, nothing. There's little hope of 
> securing stuff if people can be socially 
> engineered so easily.

That's a matter of setting policy.  If there's no policy in place to
prevent that, then you can expect people to do it.  If you have a security
policy which states that you will fire people for such gross breaches -
and more importantly, you *enforce* it - then it won't happen more than
once or twice.

Anyway, how on earth can the helldesk grunts get at passwords?  Not even
the sysadmin should be able to tell you a user's password. They should
*never* be stored in plain-text.  If they are, fire the sysadmin.

BTW, when I've made those calls to ISPs in the past, my client has always
told them in advance that I'll be calling.  Perhaps I just have a higher
class of clientele :-)

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts

[Matthew Byng-Maddick]

On Wed, 14 Mar 2001, Dominic Mitchell wrote:
> On Wed, Mar 14, 2001 at 02:55:28PM +, Michael Stevens wrote:
> > I've been thinking that, while not ideal, webDAV is probably the best
> > option here. I'm told it's a) secure-ish, and b) integrates nicely
> > with Dreamweaver and whatever microsoft's thing is.
> WebDAV is ok, but you'd need to run it over HTTPS to be secure.

The other thing is that *WHEN* subversion comes out, the protocol allows
for version control, and there'll actually be a decent way of implementing
version control, so if the people who are doing the uploading screw up,
you have some chance of rolling back.

DAV over HTTPS is not that bad, though...

MBM

-- 
Matthew Byng-Maddick   Home: <[EMAIL PROTECTED]>  +44 20  8980 5714  (Home)
http://colondot.net/   Work: <[EMAIL PROTECTED]> +44 7956 613942  (Mobile)
I don't know who my grandfather was; I am much more concerned to know what
his grandson will be.   -- Abraham Lincoln

Re: Matt's Scripts (SCP)

[Leo Lapworth]

On Wed, Mar 14, 2001 at 02:57:41PM +, Roger Burton West wrote:
> On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:
> 
> >is there an idiot-proof graphical front-end for scp? windows 
> >clients?
> 
> PuTTY.

SCP for Windoz = http://winscp.vse.cz/eng/ 
SCP for Linux = well, command line scp or what ever else there is. 
SCP for OSX = http://www.macorchard.com/ftp.html download Rbrowser 
SCP for Mac = http://www.macorchard.com/ftp.html download NiftyTelnet (the open option 
has an SCP radio button) 

The Mac one is NASTY! - the OSX and Windoz ones are just like
standard FTP clients (your computer on the left, remove server one the right).

If anyone hears of a good gui SCP client for non-OSX mac's I'd
really like to know (I've got users on my machine that need it!).

Cheers

Leo

Re: Matt's Scripts

[Roger Burton West]

On or about Wed, Mar 14, 2001 at 04:00:22PM +, Greg McCarroll typed:
>* Dave Cross ([EMAIL PROTECTED]) wrote:
>> They won't if you stop running the ftp daemon on the server :)
>Rule one of security:
>   Ensure availability for authorised users

Rule zero of security:
   A system with no users is a system with no unauthorised users. For
extra points, turn it off.

Roger

Re: Matt's Scripts

[Mark Fowler]

On Wed, 14 Mar 2001, Greg McCarroll wrote:
> * Dave Cross ([EMAIL PROTECTED]) wrote:
> > At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre <[EMAIL PROTECTED]> wrote:
> > > 
> > > > My several users use scp.
> > > 
> > > is there an idiot-proof graphical front-end for scp? windows 
> > > clients? my several users require them, or they'll just continue 
> > > using ftp, because it's *easier*... 
> > 
> > They won't if you stop running the ftp daemon on the server :)
> > 
> 
> Rule one of security:
>   Ensure availability for authorised users
> 
> this breaks it ;-)
> 

Do what we do.  Keep everything running, but shove a whopping great
ipchains (or firewall of choice) in the way.  If you want to access it,
ssh tunnel it first.
 

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

Re: Matt's Scripts

[Dominic Mitchell]

On Wed, Mar 14, 2001 at 02:55:28PM +, Michael Stevens wrote:
> On Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre wrote:
> > > My several users use scp.
> > is there an idiot-proof graphical front-end for scp? windows 
> > clients? my several users require them, or they'll just continue 
> > using ftp, because it's *easier*... People are lazy, and security 
> > measures which are a pain in the arse will fail to work because the 
> > users will bypass them (summarizing from Schneier's Secrets and Lies). 
> 
> I've been thinking that, while not ideal, webDAV is probably the best
> option here. I'm told it's a) secure-ish, and b) integrates nicely
> with Dreamweaver and whatever microsoft's thing is.

WebDAV is ok, but you'd need to run it over HTTPS to be secure.

-Dom

Re: Matt's Scripts

[Greg McCarroll]

* Dave Cross ([EMAIL PROTECTED]) wrote:
> At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre <[EMAIL PROTECTED]> wrote:
> > 
> > > My several users use scp.
> > 
> > is there an idiot-proof graphical front-end for scp? windows 
> > clients? my several users require them, or they'll just continue 
> > using ftp, because it's *easier*... 
> 
> They won't if you stop running the ftp daemon on the server :)
> 

Rule one of security:
Ensure availability for authorised users

this breaks it ;-)

-- 
Greg McCarroll  http://www.mccarroll.uklinux.net

Re: Matt's Scripts

[Mark Fowler]

> > is there an idiot-proof graphical front-end for scp? windows?
> 
> On Windows I use pscp which comes from the same people as putty. It
> works well, but it doesn't have a pretty graphical front-end.

Yes there is.  http://www.i-tree.org/ixplorer.htm. 

I suggest you peeps read http://www.openssh.org/windows.html which lists
alternatives

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

Re: Matt's Scripts

[Roger Burton West]

On or about Wed, Mar 14, 2001 at 02:34:32PM +, Jon Eyre typed:

>is there an idiot-proof graphical front-end for scp? windows 
>clients?

PuTTY.

>my several users require them, or they'll just continue 
>using ftp, because it's *easier*... People are lazy, and security 
>measures which are a pain in the arse will fail to work because the 
>users will bypass them (summarizing from Schneier's Secrets and Lies). 

Then you disable ftp and smb. (And telnet, of course.) "Sorry, we can't
use these because of the ban on plain-text passwords."

Roger

Re: Matt's Scripts

[Dave Cross]

At Wed, 14 Mar 2001 14:34:32 + (GMT), Jon Eyre <[EMAIL PROTECTED]> wrote:
> 
> > My several users use scp.
> 
> is there an idiot-proof graphical front-end for scp? windows 
> clients? my several users require them, or they'll just continue 
> using ftp, because it's *easier*... 

They won't if you stop running the ftp daemon on the server :)

On Windows I use pscp which comes from the same people as putty. It
works well, but it doesn't have a pretty graphical front-end.

Dave...

Re: Matt's Scripts

[Jon Eyre]

> My several users use scp.

is there an idiot-proof graphical front-end for scp? windows 
clients? my several users require them, or they'll just continue 
using ftp, because it's *easier*... People are lazy, and security 
measures which are a pain in the arse will fail to work because the 
users will bypass them (summarizing from Schneier's Secrets and Lies). 

>  All of them can put anything they want on there.
> If you're doing hosting and letting people upload code, you have no choice
> but to trust your users.  *BUT* by avoiding grotesqities like ftp, and by
> setting permissions sanely, third-parties are hard-pressed to compromise
> the server.

dealing with clients who can't remember or don't know
usernames/passwords, and the subsequent calls to isp 
helpdesks:

"Hello, I am from web agency X, we need ftp details for customer Y
so we can upload their site."

And they just give 'em out. No checks, no confirming with the
customers, nothing. There's little hope of 
securing stuff if people can be socially 
engineered so easily.

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 12:46:45PM +, Jon Eyre wrote:
 
> oops...

Heh.  Just remember, Evil Dave is the paranoid nutcase, Dave Cross is the
one with the gold-plated cat.

> > At Wed, 14 Mar 2001 13:05:05 +, David Cantrell <[EMAIL PROTECTED]> wrote:
> > 
> > > Evil Dave's server does *not* use seperate cgi-bin directories - but 
> > > then, there's no ftp file upload, and the ftp root is in a different 
> > > place from the web root anyway, and HTTP file upload is also not 
> > > permitted.
> 
> Evil Dave's server is therefore a different beast to a hosting company's 
> server, which isn't really much use if their customers can't get anything
> on to it.

My several users use scp.  All of them can put anything they want on there.
If you're doing hosting and letting people upload code, you have no choice
but to trust your users.  *BUT* by avoiding grotesqities like ftp, and by
setting permissions sanely, third-parties are hard-pressed to compromise
the server.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts

[Jon Eyre]

oops...

On Wed, 14 Mar 2001, Dave Cross wrote:
> At Wed, 14 Mar 2001 13:05:05 +, David Cantrell <[EMAIL PROTECTED]> wrote:
> > On Wed, Mar 14, 2001 at 11:50:04AM +, Jon Eyre wrote:
> > > In my experience, virtually *all* isps/hosting providers use the
> > > 'separate cgi-bin directory' configuration. either for the 
> > > security reasons outlined by evil dave ...

> > Evil Dave's server does *not* use seperate cgi-bin directories - but 
> > then, there's no ftp file upload, and the ftp root is in a different 
> > place from the web root anyway, and HTTP file upload is also not 
> > permitted.

Evil Dave's server is therefore a different beast to a hosting company's 
server, which isn't really much use if their customers can't get anything
on to it.
 
> And besides, it wasn't Evil Dave that pointed out the security issues.

oops... apologies, confused by a surfeit of Daves...

Returning to subject, what would be really useful for me, and probably 
many other aspirant mongers, is to see Matt's scripts subjected to 
a similar sort of process to that in the perl.com
'program-repair-red-flags' articles. It's all very well to say 'these 
scripts are bad and insecure, here are some well-written and secure
versions', but a lot more can be learnt from showing *why* they're 
bad, even if it's just done by marking the originals up with
constructively critical comments...

just my .02

j

---
jon eyre ([EMAIL PROTECTED]) (http://simpson.dyndns.org/~jon/)
the slack which can be described is not the true slack

Re: Matt's Scripts

[Dave Cross]

At Wed, 14 Mar 2001 13:05:05 +, David Cantrell <[EMAIL PROTECTED]> wrote:

> On Wed, Mar 14, 2001 at 11:50:04AM +, Jon Eyre wrote:
> 
> > In my experience, virtually *all* isps/hosting providers use the
> > 'separate cgi-bin directory' configuration. either for the 
> > security reasons outlined by evil dave ...
> 
> Eh-hem.
> 
> Evil Dave's server does *not* use seperate cgi-bin directories - but 
> then, there's no ftp file upload, and the ftp root is in a different 
> place from the web root anyway, and HTTP file upload is also not 
> permitted.

And besides, it wasn't Evil Dave that pointed out the security issues.

(Nice) Dave...

Re: Matt's Scripts

[David Cantrell]

On Wed, Mar 14, 2001 at 11:50:04AM +, Jon Eyre wrote:

> In my experience, virtually *all* isps/hosting providers use the 
> 'separate cgi-bin directory' configuration. either for the security 
> reasons outlined by evil dave ...

Eh-hem.

Evil Dave's server does *not* use seperate cgi-bin directories - but then,
there's no ftp file upload, and the ftp root is in a different place from
the web root anyway, and HTTP file upload is also not permitted.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/

This is a signature.  There are many like it but this one is mine.

** I read encrypted mail first, so encrypt if your message is important **

 PGP signature

Re: Matt's Scripts

[Jon Eyre]

On Wed, 14 Mar 2001, Mark Fowler wrote:

> > (What do you mean with "not-inplace cgi"?)
> 
> Some servers (like my own) are configured to allow you to run perl scripts
> anywhere.

aka cgi-by-suffix, you add an apache handler which recognises all 
files with a certain extension (typically .cgi or .pl ) as cgi scripts, 
and executes them...

> Some servers (especially in the paranoid ISP land) are configured to have
> a /cgi-bin/ where you have to put files in that will be 'executed'. 

In my experience, virtually *all* isps/hosting providers use the 
'separate cgi-bin directory' configuration. either for the security 
reasons outlined by evil dave, or because they *don't know* about
cgi-by-suffix.

j


---
jon eyre ([EMAIL PROTECTED]) (http://simpson.dyndns.org/~jon/)
the slack which can be described is not the true slack

Re: Matt's Scripts

[Robin Szemeti]

On Wed, 14 Mar 2001, you wrote:
> > (What do you mean with "not-inplace cgi"?)
> 
> Some servers (like my own) are configured to allow you to run perl scripts
> anywhere.
> 
> Some servers (especially in the paranoid ISP land) are configured to have
> a /cgi-bin/ where you have to put files in that will be 'executed'.  
> Typically you cannot read from these dirs with a web server (you can only
> execute the program and read their output.)  This is so that if you have
> passwords in your scripts it's very hard for the bad guys to read these 
> files and get the script via the webserver no matter what mistakes you
> make (e.g. if you accidentlally leave backup files around.)  The main
> drawback of this is that you can't serve normal files (like images) from
> the same directory.

or if for some reason the ISP edits the httpd.conf and removes execution
from .pl file types // voila! .. your scripts are exposed to the world 
.. its not such a big deal on paranoid ISP sites as they are usually only
luser scripts doing somethig tedious .. the consequences on a commercial
site could be very real indeed ... I always have my cgi-bin directory
outside my document root .. makes sense to me.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!

Re: Matt's Scripts

[Dave Cross]

At Wed, 14 Mar 2001 11:28:19 + (GMT), Mark Fowler <[EMAIL PROTECTED]> wrote:
> > (What do you mean with "not-inplace cgi"?)
> 
> Some servers (like my own) are configured to allow you to run perl 
> scripts anywhere.

We _like_ servers configured like this. Especially if they've got some
kind of file upload facility installed. We can run any code we like on
them :)

> Some servers (especially in the paranoid ISP land) are configured to 
> have a /cgi-bin/ where you have to put files in that will be
> 'executed'. Typically you cannot read from these dirs with a web 
> server (you can only execute the program and read their output.)  
> This is so that if you have passwords in your scripts it's very hard 
> for the bad guys to read these files and get the script via the 
> webserver no matter what mistakes you make (e.g. if you accidentlally 
> leave backup files around.)  The main drawback of this is that you 
> can't serve normal files (like images) from the same directory.

These servers, OTOH, are far less fun. Typically the web user has no
wrtie access to the cgi-bin directory so you can't upload your own 
scripts there using HTTP.

> I call the first 'in place cgi' and the latter 'cgi-bin'

I call the first 'a security nightmare' and the latter 'much safer'.

> Hope that's clear.

Very much :)

Dave...

Re: Matt's Scripts

[Mark Fowler]

> (What do you mean with "not-inplace cgi"?)

Some servers (like my own) are configured to allow you to run perl scripts
anywhere.

Some servers (especially in the paranoid ISP land) are configured to have
a /cgi-bin/ where you have to put files in that will be 'executed'.  
Typically you cannot read from these dirs with a web server (you can only
execute the program and read their output.)  This is so that if you have
passwords in your scripts it's very hard for the bad guys to read these 
files and get the script via the webserver no matter what mistakes you
make (e.g. if you accidentlally leave backup files around.)  The main
drawback of this is that you can't serve normal files (like images) from
the same directory.

I call the first 'in place cgi' and the latter 'cgi-bin'

Hope that's clear.

Later.

Mark.
 

-- 
print "\n",map{my$a="\n"if(length$_>6);' 'x(36-length($_)/2)."$_\n$a"} (
   Name  => 'Mark Fowler',Title => 'Technology Developer'  ,
   Firm  => 'Profero Ltd',Web   => 'http://www.profero.com/'   ,
   Email => '[EMAIL PROTECTED]',   Phone => '+44 (0) 20 7700 9960'  )

Re: Matt's Scripts

[Philip Newton]

Mark Fowler wrote:
> d) It links to an image in the same directory as itself and 
> explains that if the image isn't viewable then you do not
> have inplace cgi and the things you have to know about this

(What do you mean with "not-inplace cgi"?)

Another thing it maybe should print out is the current working directory.
Apparently in some places, '.' is not the directory where the script is in,
which messes you up if you want to read config files or write things to the
file system and your notion of "where you are" is incorrect. FindBin may be
able to help.

Cheers,
Philip
-- 
Philip Newton <[EMAIL PROTECTED]>
All opinions are my own, not my employer's.
If you're not part of the solution, you're part of the precipitate.