ColdSync is a portable synchronization tool for Palm devices (PalmPilot, Handspring Visor, etc.) that runs under *BSD, Solaris, Digital Unix/Tru64, Linux, AIX, and Windows NT. It supports PalmOS 2.0 (original PalmPilot) and later. It is only known to support Visor syncing under FreeBSD and Linux, however. It supports IR syncing under Linux. ColdSync can back up, restore, install, and synchronize database, and can be extended and customized through the use of conduits. ColdSync is rather paranoid and takes pains not to delete anything it isn't 100% sure about.
Neohunt is an enhanced variant of hunt, a multiplayer game in which you run around a maze and shoot your friends before they shoot you. It is also an artifact of an earlier age, to be used either as nostalgia (if you remember the eighties) or as an example of how much better things are today (if you don't).
Re: Command Line
> It seems to me that we could all save a
> lot of time and energy if we just did
> some simple checks. For example, provide
> the users of our programs with MENUS
> instead of command lines.
This isn't always practical, or even possible.
For one thing, some of us still use command-line tools
to avoid having to use menus. For instance,
find . \( -type f -o -type l \) -name '*.[ch]' -print |
xargs grep MyClass
would take a lot more effort to express in a GUI
version with menus and such.
> Make them pick
> an option form, say, 1 to 10.
This doesn't make sense if the input is a file
name, which comprises a big chunk of what the article
> If that
> isn't possible, simply scan the given
> line and remove backticks, dolalr signs
> and quotes.
This is the Fallacy Of Removing Bad Things.
The recommended security paradigm is the reverse:
accept only what is allowed.
In this case, that means that if the input is a
file name to be created, you should reject any entry
that contains anything other than letters, digits, and a
few carefully-selected punctuation characters (dot,
dash, underscore. Definitely not slash).
> If that's too limiting, then why the
> hell did you let them into your system
> in the first place??
For one thing, you may be running a web site
that accepts user input. If it creates or reads files, or
runs commands based on user input, then you need to
perform the sort of checking described in the article.
script to check the input fields for validity before they
get to your server, but you can't assume that it worked.
For one thing, the person may have turned off
looking for holes in your script.
Secondly, as pointed out in the article, the
hole may be in your mailcap file. In this case, a
malicious site might have a Flash animation called "`rm
(And I'm not even going to talk about
Unfortunately, it's a nasty world out there. If
you're writing code, it is necessary to check the things
this article talks about. Even if you aren't worried about
crackers, you still have to worry about idiots who put
control characters in file names, use backslash instead
of slash, and give their full name as John "Bubba"
Re: I used to not comment....
> 4 lines of comments for
> something as simple as
I once had a 10-line comment explaining why a certain if statement didn't have an else clause.