distro machine 0.8r8 IMPORTANT SECURITY FIX!

Due to the discovery (and fixing) of a potentially serious security hole in the distro machine's verification mechanisms, existing users are urged to upgrade to 0.8rc8 IMMEDIATELY!

Thanks to PCheese for the heads-up. On recieving my first "Security Vulnerability Notice" this morning , I now feel like a "real" software developer!

So maybe those disappearing scores had nothing to do with file-locking, after all. Good news! PLUS now we have the finest file-locking code in the php universe! smiley for :lol:

onwards..

;o)

ps.. all users who have mailed me regarding the machine have received a copy of 0.8rc8 in their email, and subscribers to my devlog newsfeed will notice a new entry. what else does one do in these situations? it has me thinking about compulsory email validation before download, or something. hmm..

pps.. I'll put a copy of this notice in the distro machine feedback page. consider yourselves informed!


distro machine 0.8rc7

I swear this will be the final tweak to the file locking code!

It's all transparent, of course, but I wasn't entirely happy with it. I'm still experiencing occasional drop-outs in the scoring mechanism, effectively leaving us with a blank score file, which is annoying.

What we now have is a sort of triple-protection, and I've hammered it relentlessly with multiple copies of "DownThemAll" ( Firefox plug-in that grabs whole pages of downloads at once. *ouch* ) all grabbing the same files at the same time, from three seperate clients, rat-a-tat-tat-tat-tatatat. flawless.

How that translates to my often-busy corz.org download pages is another matter, but the evolution continues anyway. Once I perfect "perfectly safe flat-file database access", I'll likely chuck in a MySQL option! smiley for :lol:

I believe in flat-file records, but that's a story for another time and place.

I also added some preferences for a background image (if you aren't embedding, but want the machine to match the rest of your site!). Thanks to Sad :( for spotting I had that code well hidden. It's up top with the other css stuff now.

A debug version of this release candidate is also available from the usual place. remember you'll need the debug unit somewhere to use that one.

for now..

;o)

ps.. note the distributions are in tar.gz format now, I can't find a zipper, outside the OS X built-in tool, that can retain file permissions. The windows and Linux zippers I've tried just obliterate them. If anyone has trouble with these archives, drop me a line.

On a *nix machine, it's best to unpack them in place using tar with the "-p" option, like this..

tar zxpf machine.v0.8rc7.tar.gz

TADA!


almost three hours

you know, I'm thinking, I could have the comment script do a timeserver lookup for time, it's irritating being "almost three hours" out on every single post! Ah, the joy's of shared hosting.

I could grab it from Greenwich instead!

good idea cor!

*ahem*

;o)


bits and bobs

True, there have been no major releases for a couple of months, but that's because I'm happy with the way they are. It's like writing books, once you've torn through the first draft, you gotta put it away in a drawer for a few months, give it a reast, gain a new perspective on things for when you pick it up again. You see things you would never have spotted.

I'm always doing something, and there have been dozens of minor improvements and tweaks to many of the scripts, "site parts", if you like, but no major upheavals. There's no way I've got the time to blog here for every change! You just gotta have faith. Heh, so anyway, now I have achieved stillness of code, I can implement a few things that have been on my mind, fermenting.

As well as seeing some cute possibilities for most of my stuff, I've spotted a nice wee security hole (small, but still there), something that easily more than half of the world's major web applications must suffer from, just hadn't crossed our minds, I guess. hmmm.

I'll be incorporating that into pajamas, right before I incorporate pajamas into everything. The plan is to create "pro" versions of the major stuff; corzblog, corzoogle, the distro machine; encourage you to help out some, because my diet's been tragic these last few months, for starters. See top-far-right of this page for details!

for now..

;o)


 ©  2024 « corz.org » 24.10.5  

Welcome to corz.org!

I'm always messing around with the back-end.. See a bug? Wait a minute and try again. Still see a bug? Mail Me!