Upload your plugins

[aatwo]

Bluntly:

Heres a website I made for you to upload paint.net plugins with.

http://www.aatwo.com/paint.net/plugins/

--------------------------------------------------------

Not so Bluntly:

I have to learn JavaScript and PHP for my course at University and so I started a project to benefit my knowledge of the languages and to do something that will hopefully be useful to the community.

At present it's just a file upload form that takes your plugin as well as a few other details and then gives you an URL for your file, however I hope to improve and expand upon it.

I know there is no problem with the current way people upload their plugins using the forum to browse them, however I was hoping to do some nifty tricks in the future such as being able to search for plugins, catogorise the plugins, notify users of plugin updates and so forth. But most importantly it's really going to help me with my university course

Here's the link. I hope somone finds it useful.

http://www.aatwo.com/paint.net/plugins/

Any comments or suggestions are welcomed, except for the racist ones. I don't like those.

(I didn't know whether to post this is the plugin forum or not).

[Illnab1024]

Well, in any case, this is a great and useful application of your acquired knowledge. You may want to make sure the dialogs are hacker-proofed, though.

[Bob]

Thanks!

Just reading your TOS, i found 2 glitches.

1- I think you should not define what is abusive content, allowing you more liberty to do what you want with it.

2-

3 - Legal Policy:

ImageShack® Terms of Service are subject...

:wink:

[Rick Brewster]

Moving to the Overflow for two reasons:

1. This isn't an official plugin upload site provided by me.

2. Somehow I doubt this site has undergone a thorough security analysis. Not to discourage you -- security is just a very intricate (and important) topic, one which I doubt they've touched on much in your course.

[Illnab1024]

That makes me think:

User agrees to indemnify and hold aatwo.com harmless from any loss, liability, claims, damages and expenses, including attorneys fees, arising from or related to the content, use, or deletion of User's Files or use of any other feature or service.

"This plugin makes your computer explode"

[aatwo]

I don't see how not defining abusive content allows anyone more liberty in a positive way. I want this to be used for paint.net plugins and paint.net plugins only.

Thanks for pointing that out though image shack have a very good Terms and Conditions page.

Moving to the Overflow for two reasons:

2. Somehow I doubt this site has undergone a thorough security analysis. Not to discourage you -- security is just a very intricate (and important) topic, one which I doubt they've touched on much in your course.

No they haven't.

[aatwo]

Rick: It's not a basic file upload procedure, there some server side checks to ensure the file being uploaded is valid.

[Rick Brewster]

aatwo, I'm not trying to contest your intentions I don't know much about web development but I can already spot two problems with the page.

(1) It asks for a password but not a double-check of the password (what if I make a typo? I'm locked out foreevveerr!)

(2) Everything is done via http and not https, which means the password is sent in the clear. (and SSL certificates aren't free) All I have to do is packet sniff your network to grab username/password combinations. Then I hack your page using someone else's login (look up "repudiation") -- or rather, I can do things using that person's login but it still looks like they did it. But even worse I can use the fact that most people use the same password for lots of things and try to go hack things like myspace pages and bank accounts.

I say keep working on it though, you can only learn more cool stuff. But in the short term I don't feel comfortable having this outside of the Overflow.

[aatwo]

It has many flaws but just you wait :wink:

-------------

You must have a lot of past experience behind you. Mind me asking what kind of projects you've been into in the past?

[aatwo]

You must have a lot of past experience behind you. Mind me asking what kind of projects you've been into in the past?

Thought you might have seen that as part of my signature and skipped over it :?:

[Rick Brewster]

You must have a lot of past experience behind you. Mind me asking what kind of projects you've been into in the past?

Thought you might have seen that as part of my signature and skipped over it :?:

Yeah I didn't even see it.

It's mostly a matter of having done a lot of security and code reviews, and having gone through all the required security training here. Good security isn't something that happens on accident or by default, and poor security isn't necessarily the result of inexperience or incompetence. So everything is suspect and guilty until proven innocent by having passed through intense scrutiny (and even then ...). I don't have much web development experience but the mentality transfers over -- whereas in C++ you can shoot yourself with stray pointers or uninitialized variables or lack of error checking, there is a whole other bag of problems in Javascript, et. al. (cross site scripting, SQL injection, encryption requirements, etc).

[aatwo]

huh?

I meant as in general programming. I'm interested in the path that lead you to where you're at now and was just wondering what kind of things you were doing before you started the paint.net project.

I think you misinterpreted my question

[Rick Brewster]

huh?

I meant as in general programming. I'm interested in the path that lead you to where you're at now and was just wondering what kind of things you were doing before you started the paint.net project.

I think you misinterpreted my question

Oh I thought you were asking w.r.t. relevancy to security.

Previous projects ... bear in mind I hacked on these in college and way before. So here's my project resume:

* Lots of little command-line utilities and nerdy games in BASIC and Turbo Pascal, 5th grade through half way in to senior year [of HS]...

* Findupes ("find dupes"), this is what I cut my teeth to learn C on almost exactly 8 years ago when I was half-way through my senior year of high school. It was basically a command-line little utility that recursed through 2 directory trees and told you which files were binary duplicates. And then it would delete them (mwahaha?) if you specified -d or something. Linked lists ... pointers ... malloc ... free. Worked in both Linux and Windows! I still use this on occasion actually.

* ThumbGen -- Actually I still use this, albeit with some major optimizations added in ( http://blogs.msdn.com/rickbrew/archive/ ... 44446.aspx ). Good intro to some image processing, and another utility that [used to] works in Linux and Windows. Wrote it right after Findupes. Point it to a directory, and give it an output directory, and it'll grab all the JPEG's from the input dir, resize them to the target dimensions you want and spit them into the output dir.

* Consframe (short for 'console framework' I think). I can't even describe this, it was some weird wants-to-be-a-shell-server type program. This was a silly project in hindsight, except for the fact that I learned a lot by way of writing and debugging some very well intentioned but not very well written code. Lots of multithreaded stuff too, which I highly recommend dunking yourself into as soon as possible (watch out, the water is very cold). Roughly 20,000 lines of C++ code. I started this during the 2nd half of my senior year of high school using a bootleg copy of Visual Studio 6, and stopped work on it maybe 9 months later. I never finished it. But hey, it had a Telnet-able copy of Tetris in it, user permissions, lots of stuff I forget, etc.

* Epica. This was a visualization plugin for Winamp. You might even be able to find a copy online somewhere. It used DirectDraw as a blitter, and there was lots of C/C++ and x86 assembly for pushing and manipulating pixels. 38,000 lines of code and 250,000 downloads later... I actually started this my freshman semester at college. I was nerding around with some graphics code and this just sorta grew out of it. A lot of what I learned on this codebase transitioned to the stuff in Paint.NET, things like the pixel op classes for operating on rows of pixels in a polymorphic way.

* Fraginator. I'm not joking here. I had a summer job at OfficeMax that was painfully dumb ("Can I help you? No the staples are on aisle 384") and I decided to write a disk defragmenter for Windows 2000. I did it in 2 or 3 weeks and called it Fraginator like it was some super hero that was defragging your hard drive. It had this picture of a muscle guy's face (it was actually stolen from Jeff K on Something Awful) and a little text label that said "Defrag baby!". Also had a command-line version ("unfrag.exe") based on the same source code files that could defrag multiple drives at once, and I had a complete help file for it too. I doubt you'll find this anywhere online anymore. I think this was 5000 lines of C++ code. (Side bar: hah, I just found this on my hard drive -- and it still works in Vista! I am totally fraginating my D drive right now.)

* All sorts of assignments in college.

* Paint.NET -- Yeah you know about this one.

[Rick Brewster]

Oh, I totally forgot,

* ListXP -- This was a text-based file viewer. It used some code from Consframe for displaying a custom rendered window full of text. It had a ton of code in there for implementing some advanced data structures, and for reading code from a file as fast as humanly possible (go look up overlapped I/O and prefetching and streaming and then your head will explode). 35,000 lines of C++ code ... it was way more interesting than I'm letting on here.

[BoltBait]

* Fraginator. I'm not joking here. I had a summer job at OfficeMax that was painfully dumb ("Can I help you? No the staples are on aisle 384") and I decided to write a disk defragmenter for Windows 2000. I did it in 2 or 3 weeks and called it Fraginator like it was some super hero that was defragging your hard drive. It had this picture of a muscle guy's face (it was actually stolen from Jeff K on Something Awful) and a little text label that said "Defrag baby!". Also had a command-line version ("unfrag.exe") based on the same source code files that could defrag multiple drives at once, and I had a complete help file for it too. I doubt you'll find this anywhere online anymore. I think this was 5000 lines of C++ code. (Side bar: hah, I just found this on my hard drive -- and it still works in Vista! I am totally fraginating my D drive right now.)

Rick, have you ever considered rewriting this as a screen saver?

I have never understood why Windows doesn't ship with a defrag screen saver.

[Rick Brewster]

Rick, have you ever considered rewriting this as a screen saver?

Nope.

[BoltBait]

Bummer. I would really like to have a useful screen saver.

The only other one I consider even remotely useful is the clock.

EDIT: I have found this: http://www.kessels.com/JkDefrag/

I think I'll try it.

[aatwo]

Nice resumé. I am suprised that you were getting right into C in high school. I some how feel like I should be doing a lot more than what I'm doing at the moment after looking at that, since the greatest thing I've achieved is a crappy little game of connect four in Java script...which is probably the easiest language to learn ever!

What kind of nerdy little games were they?

Also, you should totally give your defrag program a make over. "Defragging is only half the battle." And then have a picture of Boltbait in his underwear, with a cape and a monocle.

[BoltBait]

Also, you should totally give your defrag program a make over. "Defragging is only half the battle." And then have a picture of Boltbait in his underwear, with a cape and a monocle.

Interesting idea, but where would he get such a picture?

[aatwo]

Do you have a camera?

[Picc84]

haha wow... that was intresting, and aatwo, once i get C# inbedded in my head, i'll use your site!

[Bob]

You do not fragment your disk as often as you run a screensaver.