Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Talk about frustrated...!

I'd love to have a succinct answer to this. *I* don't need much persuasion about the need for security, but I do spend a lot of time trying to persuade customers that it is in their interests to pay for my time to make their [local volunteer soccer league] website reasonably secure.

So come on Bil, don't leave us on a cliffhanger. Attending LDC is a non-starter because of health. Will I ever hear the rest...?

Roddie Grant

> Part of my presentation at the Lasso Developers Conference will briefly go over the ways sites are monetized by cyber-criminals for profit. Here's an excerpt from my paper:
>
> -----
> MONETIZING YOUR WEBSITE
>
> Before we get to the "how" of WebAppSec, we're first going to cover the "why"; why is your website a target?
>
> The short answer: money.
>
> There is a belief among some that their little piece of the Internet is far too small and humble to be of any interest to cyber-criminals. And logically, it may be confusing to understand how your local volunteer soccer league website could be of any value to cyber-criminals. Really, how can a site that has no personal information to steal, no financial information to steal, and simply functions to display the results of soccer games generate an income for cyber-criminals? Most likely not even the site owner is generating revenue from the site!
> -----
>
> For the rest of it, come to LDC, it'll be a hoot:
>
> <http://www.lassosoft.com/Community/LDC/>
>
> - Bil

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Yeah . . . I'm not going to be able to attend that either.

I'm sure the point is not to give away all the goodies for free, since registration is $500, but attending that is simply not a possibility for me at the moment. If anyone wants to give me some info/pointers on the previous that wouldn't necessitate a trip to Chicago, that would be super swell. :)

What would people do with that local volunteer soccer league example, for example? (For comparison purposes, my site is a bit larger than that, I believe, but that comparison is quite apt in terms of the probable lack of sensitivity of the information involved. Still, don't want it replaced by porn links, nevertheless.)

Thanks!

Ramona

On 7/21/08 5:17 AM, "lasso_list@..." <lasso_list@...> wrote:

> Talk about frustrated...!
>
> I'd love to have a succinct answer to this. *I* don't need much persuasion about the need for security, but I do spend a lot of time trying to persuade customers that it is in their interests to pay for my time to make their [local volunteer soccer league] website reasonably secure.
>
> So come on Bil, don't leave us on a cliffhanger. Attending LDC is a non-starter because of health. Will I ever hear the rest...?
>
> Roddie Grant
>
>> Part of my presentation at the Lasso Developers Conference will briefly go over the ways sites are monetized by cyber-criminals for profit. Here's an excerpt from my paper:
>>
>> -----
>> MONETIZING YOUR WEBSITE
>>
>> Before we get to the "how" of WebAppSec, we're first going to cover the "why"; why is your website a target?
>>
>> The short answer: money.
>>
>> There is a belief among some that their little piece of the Internet is far too small and humble to be of any interest to cyber-criminals. And logically, it may be confusing to understand how your local volunteer soccer league website could be of any value to cyber-criminals. Really, how can a site that has no personal information to steal, no financial information to steal, and simply functions to display the results of soccer games generate an income for cyber-criminals? Most likely not even the site owner is generating revenue from the site!
>> -----
>>
>> For the rest of it, come to LDC, it'll be a hoot:
>>
>> <http://www.lassosoft.com/Community/LDC/>
>>
>> - Bil
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Coming in late here, I wanted to add my 2 cents and also hoot a little :)

At the conference I'm going to speak about the Lasso framework PageBlocks <www.pageblocks.org>, especially how it handles certain security matters. Here is an excerpt from MY paper :-D

-----
3. Security In PageBlocks: Data Validation

Security is an ever increasing concern when making web solutions. While a lot of responsibility for the securing of a server lies with the HSP, the developer is responsible for what the web application does in terms of opening holes into data and areas not meant for public access. The problem is that the great power of the Internet and the great impact of good websites lie in their interactive nature, but this interactivity is obtained in your web application by the same means that open almost all of its potential security risks.

While security is an area which naturally is constantly shifting, there are basic rules that one can go with in order to get a very long way. PageBlocks is built up around a set of security principles which you find outlined here: <www.pageblocks.org/refc/refc_security>. Building with the PageBlocks framework and with these principles in mind increases the chances considerably that your web application will stand well against attacks!
-----

My point is that using a framework like PageBlocks you get a lot of added value in terms of security; you don't need to invent the wheel once again :)

/nikolaj

On 21. jul 2008, at 14:17, Roddie Grant wrote:

> Talk about frustrated...!
>
> I'd love to have a succinct answer to this. *I* don't need much persuasion about the need for security, but I do spend a lot of time trying to persuade customers that it is in their interests to pay for my time to make their [local volunteer soccer league] website reasonably secure.
>
> So come on Bil, don't leave us on a cliffhanger. Attending LDC is a non-starter because of health. Will I ever hear the rest...?
>
> Roddie Grant
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Ramona, Roddie & others,

OK, to be a little more "constructive": I know how hard it can be to go to a conference like LDC in September; I only go because I happen to have enough frequent flyer points to get the trip for free!

My point with my previous post was that security is such a challenge for a (new) developer that maybe a better way to invest your efforts is to take a tool that already has a lot of security layers built in instead of trying to build it all up oneself from scratch. PageBlocks is such a tool, Knop is another which also will be presented at the conference. It's all made with Lasso, but a lot of generic code, standard routines, convenient tags etc. is already in there, so you "hook into pre-defined stuff" instead of coding it up from zero.

The challenge is that learning to use a framework is a tough one, but whatever you choose to do you will spend a considerable amount of time getting things right, and then learning to work with a framework could be a good choice since there are a lot of other goodies included as well; not only increased security.

/nikolaj

On 21. jul 2008, at 16:16, Ramona Rock wrote:

> What would people do with that local volunteer soccer league example, for example?
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

On 7/21/08 at 1:17 PM, lasso_list@... (Roddie Grant) wrote:

> I'd love to have a succinct answer to this. *I* don't need much persuasion about the need for security, but I do spend a lot of time trying to persuade customers that it is in their interests to pay for my time to make their [local volunteer soccer league] website reasonably secure.
>
> So come on Bil, don't leave us on a cliffhanger. Attending LDC is a non-starter because of health. Will I ever hear the rest...?

After the LDC we will make the materials available for everyone in the community. The materials from previous Lasso Summits are available here.

<http://www.lassotech.com/TotW_20080229>

I think the real benefit of the LDC is being able to see the presenters and other Lasso developers in person and to discuss these issues which matter to all of us directly. We all work in Web development and some of us at companies which specialize in Web development, but even so I suspect that most of us are not often surrounded by so many people in our field as we find ourselves at an event like the LDC.

[fletcher]

--
Fletcher Sandbeck fletcher@...
LassoSoft, LLC http://www.lassosoft.com
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

The idea of hooking into pre-defined stuff does have a LOT of appeal for me, yes. How easy is it to install? (remember, I don't know squat) (But I am trying to slowly hike up that learning curve . . .)

I have downloaded the pdf and I do see that there are some fairly comprehensive-looking instructions in there, so that's encouraging, but in your opinion, how easy will they be to flub up for a person such as myself with no knowledge of squat? <grin>

And is this something I can do just on my end, or would PIS (webhosting where I'm hosted so I can interact with my FM Pro database while I only own Lasso Studio) need to be involved?

Does pageblocks like to access databases that are originally FM Pro? As long as I have all my Lasso Site Admin stuff configured properly, that is?

Also, this is just totally free? (I don't see any pricing anywhere . . . )

Thanks!

Ramona

On 7/21/08 7:39 AM, "nikolaj@..." <nikolaj@...> wrote:

> Ramona, Roddie & others,
>
> OK, to be a little more "constructive": I know how hard it can be to go to a conference like LDC in September; I only go because I happen to have enough frequent flyer points to get the trip for free!
>
> My point with my previous post was that security is such a challenge for a (new) developer that maybe a better way to invest your efforts is to take a tool that already has a lot of security layers built in instead of trying to build it all up oneself from scratch. PageBlocks is such a tool, Knop is another which also will be presented at the conference. It's all made with Lasso, but a lot of generic code, standard routines, convenient tags etc. is already in there, so you "hook into pre-defined stuff" instead of coding it up from zero.
>
> The challenge is that learning to use a framework is a tough one, but whatever you choose to do you will spend a considerable amount of time getting things right, and then learning to work with a framework could be a good choice since there are a lot of other goodies included as well; not only increased security.
>
> /nikolaj
>
> On 21. jul 2008, at 16:16, Ramona Rock wrote:
>
>> What would people do with that local volunteer soccer league example, for example?
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Roddie Grant wrote on 7/21/2008 7:17 AM:

> So come on Bil, don't leave us on a cliffhanger. Attending LDC is a non-starter because of health. Will I ever hear the rest...?

As Fletcher already mentioned, all materials will be made available after the conference. My paper only briefly touches on the topic of monetizing sites, just enough to make people think twice about relying on their site's relative obscurity (thus the impetus to always include security measures in every webapp built).

I will share two articles that I cite in my paper that are related:

Hackers Hijack a Half-Million Sites
<http://www.pcworld.com/businesscenter/article/145791/hackers_hijack_a_halfmillion_sites.html>

Massive SQL Injection Attack 600.000++
<http://www.0x000000.com/?i=556>

Both of those attacks were indiscriminate and obviously automated; it didn't matter if your site was large or small so long as it was vulnerable.

- Bil
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

> I have downloaded the pdf and I do see that there are some fairly comprehensive-looking instructions in there, so that's encouraging, but in your opinion, how easy will they be to flub up for a person such as myself with no knowledge of squat? <grin>

I think it would be misleading to say that PageBlocks is easy :) My point was that making secured websites is going to be quite a lot of work anyway, so why not invest that number of hours in getting familiar with a framework, which eventually will give you much more back than "only" security layers?

Speaking out of my own experience: what is easy and what is hard is much more a matter of what we *imagine* about a given challenge and how we approach it than the mere facts of that challenge itself. Before you can drive a car it seems impossible to be 100% focused on highly complex situations happening in the traffic around you and immediately translate those into coordinated commands, many simultaneously, governing that machine of several hundreds of kilos. And then, at some point, you find yourself not only capable of all this, but being so while speaking to the person next to you!

If you focus on "this is possible", remembering that people before you have resolved it, and then go step by step, then you can :)

PageBlocks was developed by Greg Willits, he used it in his own projects. It's not developed with any "pedagogical" aims in mind other than to show how "it can be done".

> And is this something I can do just on my end, or would PIS (webhosting where I'm hosted so I can interact with my FM Pro database while I only own Lasso Studio) need to be involved?
>
> Does pageblocks like to access databases that are originally FM Pro?

More things here:

1) In theory PageBlocks is designed to be able to communicate with FileMaker databases, except I haven't personally tried it. I don't have a setup that allows me to do so.

2) To develop you will need a setup both at the hosting service and locally. But Lasso Studio doesn't prevent you from that - a Lasso installation without serial number has all database connectivity in place; the problem could be to have a FM Pro installation locally - I don't know since I don't own a license... You will want to have two identical setups, one locally and one remotely.

3) It's no problem to install PageBlocks at Point In Space! Point In Space is used to setting up this kind of account and doesn't charge extra to do so. Point In Space sponsors the hosting of www.pageblocks.org. Point In Space doesn't give support on PageBlocks problems though, only on hosting-related PageBlocks problems.

> Also, this is just totally free?

It's all free! It's an open source project, users are encouraged to comment and co-develop on it. There used to be a mailing list, but after I took over the PageBlocks project I haven't found the time and resources to enable it again. Eventually I will do so, however.

/nikolaj
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Nikolaj de Fine Licht wrote on 7/21/2008 3:06 PM:

> Speaking out of my own experience: what is easy and what is hard is much more a matter of what we *imagine* about a given challenge and how we approach it than the mere facts of that challenge itself. Before you can drive a car it seems impossible to be 100% focused on highly complex situations happening in the traffic around you and immediately translate those into coordinated commands, many simultaneously, governing that machine of several hundreds of kilos. And then, at some point, you find yourself not only capable of all this, but being so while speaking to the person next to you!
>
> If you focus on "this is possible", remembering that people before you have resolved it, and then go step by step, then you can :)

Read (and watch) this:

<http://www.0x000000.com/?i=613>

- Bil
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

On 21. jul 2008, at 23:00, Bil Corry wrote:

> Read (and watch) this:
>
> <http://www.0x000000.com/?i=613>

In-cre-dible! New to me! You hardly believe what you see (if only that thickhead with the camera would hold it still).

I have a good friend, he's a musician too. He is a specialist in Medieval music and plays pipe-and-tabor. Now, that may sound simple. But it isn't. He holds a small flute, a recorder actually, in the left hand and a drum hangs in a strap from the thumb of the left hand. With the right hand he drums the drum. Now, what he's capable of with those two, you would say, "primitive" instruments! He can play complex stuff on the recorder while drumming other complex stuff that goes completely against the rhythm he has in the recorder. It's like his brain is split in two "players"; again your first reaction is "this isn't possible".

But, apparently, there aren't any boundaries :)

/nikolaj
Re: Monetizing insignificant sites [WAS: frustrated newbie still can't get records to display at all in her first solution]

Nikolaj de Fine Licht wrote on 7/21/2008 5:48 PM:

> But, apparently, there aren't any boundaries :)

Only the imaginary, self-imposed ones.

- Bil