This section allows you to view all posts where this member received or gave a like.
1
I thought I said a week's holiday? :P
2
The Pub / Re: Looking for volunteers to test the Wedge private alpha!
Nao « on November 1st, 2012, 01:38 AM »
Okay... I'll be honest with you guys.
- It's 1:30am here in Paris. I'm exhausted. I wake up every morning at 6:30am so it's not going to be easy tomorrow...
- I'm done with the alpha. I think it's pretty much ready for release.
- But I don't want to release something that I've completed while very tired, then go to bed, then wake up in the morning to discover a disaster.
- I really, REALLY wanted to release today. I mean it's October 31st and tomorrow is November and I hate November. The name sucks and it makes me think of really cold days. I'm a bit superstitious.
- Still, I did finish it on October 31st...[1]
- So, let's just say the changelog will start with "Private alpha 0.1 - October 31st", all right guys? :P
To sum it up:
- I've got a version I'm relatively happy with (relatively isn't great, but to me it's good enough for a release considering I spent the last few weeks hiding behind my keyboard.)
- I'll release it tomorrow morning.
- That way, I'll be able to assist with any issues while I'm at it.
Everyone fine with that? Click the Like button if you're ready to test tomorrow :P
[1] I'm on the American timezone today. Got too many annoying kids knocking at my door asking for friggin' sweets. Without any costumes. Yeah, the French imported that silly US/Irish tradition, and yet the kids only see the 'sweets' part and don't want to waste time on costumes. I hate Halloween. The only good thing to come out of it was the Nightmare before Christmas.
3
Yeah, but the article is about Apple being the first to get rid of the optical drive. The author is basically saying they are pioneering, but they are not. Yes, it is another Apple fanboy site, which explains everything, but spinning-media-less PCs have been around for quite some time already, even before Android was conceived. Most were, and still are, being used as small POS units in retail shops though. I was planning to buy one a few years back to make a media PC out of it for the TV at home, but never got around to it. There is no spinning disk at all on these devices: all solid state, a few ports and that is it.
*edit, more to add
I guess it is how you look at Apple. Most people think of Apple as Apple vs Microsoft, but that isn't the case to me. When I hear Apple I consider Apple as mainly hardware and a little as software. Microsoft only makes software, so Microsoft vs Apple doesn't make any sense. So what does make sense to me is Apple vs the entire PC world.
In the past Apple used to bash the entire PC market, and that is who they are up against. They've got a lot to compete against, and this is where the fanboys are blind. To the fanboys there is only PC, but PC is not one line and never the same internals.
Does this mean I am a fan of Microsoft? No, I hope Microsoft dies; they are as or maybe more crooked than Apple. They both want control over the market and over the users.
What I am a fan of is openness, so mainly I am rooting for the open source OSes.
4
The Pub / Re: Looking for volunteers to test the Wedge private alpha!
Arantor « on October 31st, 2012, 05:11 PM »
My plans are to fix them when they're done, mostly because the stuff that's broken needs more than minor work to fix it. But I wouldn't be running anything 'private alpha' on a live site personally, so it wouldn't bother me to leave it a little while...
FWIW, I'd be looking to do a private alpha now, then a more public one for Christmas-time (which gives me time to finish up what's going on here and finish all the stuff that *really* needs to be fixed) since no-one should be running private alphas on live sites unless they know exactly what they're doing and are fully aware of the consequences of the things raised.
5
Or maybe they'll recognize the one on the left the same way ;)
I'm still making tests internally. My current version has an additional drop shadow, distorts the lines and is a monochrome logo. It's... Interesting.
Posted: August 26th, 2012, 10:05 PM
My favorite of today's batch... Pretty much what I described above, except without the monochrome aspect.
6
OK, here's the deal. If an application relies on PHPSESSID to handle sessions for anything of any 'security', you're screwed because you can spoof a user's session - right up to taking over a user's session while they are logged in.
In our case, PHPSESSID is only used for guests, so should a session be spoofed, there's no immediate risk.
I'm not sure, though, whether the same risk is also applicable to session_id() or not; if it is, there's a much bigger problem.
Quote: But the thing is, once you get a forum up and running... Are you spending your time checking for weird session behavior? I would bet not...
That's what I mean. If someone brute-forces in the manner you're thinking, they're going to generate an obscene number of requests and even the most inept host is going to notice that. But with this technique, session stealing is potentially within the region of requests where hosts may or may not notice it.
Quote: Well, it's useful for me: (1) spotting what could be a bot
Unless you've hacked it to also display the user agent, the odds of being able to tell a bot just by what they're 'browsing' are going to be slim.
Quote: (2) spotting links that shouldn't be accessible to guests and yet are being accessed,
Have you noticed any?
Quote: (3) generally determining whether my host is cutting my access because I have too many regular users (like, was I mentioned on a high-profile blog?)
I suppose there is some merit to that, but you don't need to do that by tracking sessions. Using the access log will give you the same general information.
Quote: Well, I'm certainly accessing the Who's page more often than the intrusion log.
Yes, but what does it actually tell you?
Quote: At minimum I usually have four to six servers handling requests. I also wonder how these sessions work in this setup. Is there some sort of syncing going on between them so that they somehow look like one system?
I don't know how your system is set up, but the conventional way to set this up is to push the sessions to a single shared resource, and load/save sessions from there; for example, I've done this in the past using MongoDB to be a session store, across multiple systems.
Quote: No matter, it looks like session ids are predictable. What does this actually mean, being able to guess a session?
If you can guess a session id, you can theoretically spoof that session. It's a form of session fixation bug.
Quote: Thinking about hijacking sessions, even if you're able to spoof another network's IP address the server isn't going to send you anything back, and plus you don't have a cookie.
That's the point: you do not have to spoof the IP address. The IP address is merely a component of the hash, you don't have to actually be on that IP address, because it's a *hash* and thus the IP address is not recoverable.
This is why it's important: spoofing a session just relies on you being able to figure out the session id. Creating a cookie is a piece of the proverbial, it's just a header attached to the request. Fortunately in Wedge's case you do need to know what the contents of that cookie are, and it's a bit more than just the session id, so it is physically harder to spoof. But not impossible.
7
It's almost like people don't frickin' read what's in front of them, you know? That I actually went to the trouble of making a big sticky thread that actually answered the very question in this thread and still this thread appears. It's not even like it's in a different board or anything.
There is a part of me that wants to add a reading comprehension test into either the registration process here, or better, into the download page and those who can't follow simple instructions just should be prevented from ever running Wedge, because it'll be better for everyone in the long run. If you're too fucking lazy to read what's directly in front of you, I don't really want to support you.
8
The Pub / When can I download Wedge? / Where can I download Wedge?
Arantor « on October 19th, 2011, 02:48 PM »
Right now, you can't. It's not done yet. And if we were to release it right now, it would really be inappropriate.
There's a lot of things that we want, and need, to do that haven't yet been done. Some things are fundamentally broken or missing critical functionality.
Even if you're a hardcore user, it's still not ready for you, because even the installation doesn't work off the bat without some work (the installer is not stored in the main folder, and has to be moved from another folder prior to installation to make it work properly)
We know you're eager, because we've told you all the goodies that are coming in Wedge, some that are done, some that are coming. But you really need to understand that firstly, it's just two of us writing it, and that we do have lives outside of Wedge - even though we're putting a vast amount of time into it.
This post will be updated in the future, though, as it becomes available.
Why did I even write this? It's because I'm frustrated. I've lost count of the number of people who've come here asking for downloads. Some post publicly, some privately message me, and I'm fed up of it. We don't owe anyone anything, and while I love working on it, I don't love feeling like it's a noose around my neck - and each time I see such a message, I feel like that's where it'll head, as people don't seem to realise that we do this for fun, and not because we're paid to make them something for nothing.
Wedge has a bright and amazing future but you have to let us make it happen in a way we're comfortable with - and that means not rushing releases. That means we take as long as we feel is necessary to make it work. You can see the progress in the New Revs thread. That should give you some idea of the scale of changes that are underway - commits happen every day or at worst every couple of days, far higher and far more thoroughly than a good number of open source projects manage, in fact.
I'm also annoyed a lot in the fact that people don't seem to look around before asking. Is it really that hard to grasp that it isn't ready yet? Is it really that hard to spend a little time looking around and seeing what we're about? I guess it actually is, given how many people I'm aware of have just come along, posted without reading just because they want cool free stuff, without taking the time to understand what we're about.
Anyway, here endeth the rant. Keep calm and carry on!