Older blog entries for Stevey (starting at number 100)

2 Jun 2003 (updated 2 Jun 2003 at 23:25 UTC) »
Articles

 I agree with raph that the most recent article wasn't appropriate for the site .. but it's hard to see how this situation could be improved.

 My initial thought was to have the articles only visible to people of "Master" rank or above(?), at which point it could be rated.

 If there were a voting that was positive, in some way, it could go live.

 This is similar to the way that I belive Kuro5hin works though I've never studied the mechanics - and vaguely Perl Monks-like.

 Sadly despite my hacks on Advogato's code, (probably causing more harm than good), I'm still constantly confused by the multiple repositories and the XML stuff.

 Every now and again I think about writing a similar construction in Perl which I could understand - but that would be a worthless duplication of effort. If it worked it would steal viewers from here, and if it didn't without an audience it'd be pointless.

 Never enough hours in the day .. that's my trouble!

MPIO

 The MPIO is a simple parallel port MP3 player with 64Mb of onboard memory.

 Once upon a time I owned one, and couldn't find any driver details. Eventually I got it working under Linux, but it was a nasty hack.

 I'd forgotten all about it, since being given a Muvo, (usb based), player which required no effort to get working with Linux.

 Yesterday I received an email from somebody who'd done a Google search for details and come across my Advogato diary describing my progress.

 He asked, politely, if I could share my code - but sadly I could not... Having changed computer in the meantime I was sourcless.

 Nonetheless I remembered an Australian site that contained some code.

 In case anybody is in a similar situation again:

 It's interesting that the code talks about a device called a Jazz Piper; but it works perfectly with the MPIO device.

 (I guess for completeness MPIO USB Linux Driver is held upon SourceForge).

Google

 The power of google to allow people to help themselves never ceases to amaze me.

 It was only a couple of weeks ago that I got an email from somebody in Russia who wanted to know about the patch I'd made to allow my Logitech PCVC720K/40 camera to run under Linux.

 He had the same model, so I shared the code.

 I feel humbled by the sheer size of the world, and the unlikely coincidence that one person working alone can produce exactly what somebody else in another continent desires, and they can both find each other by magic.

Code-Fu

 I've not done much real work recently, I toyed with packet capture and HTTP sniffing. Nothing really new was produced - A C++ Plugin based network sniffer, with a couple of plugins for displaying POP3/FTP/CVS logins, etc.

 The intention is to handle form POSTS and attempt to analyse their contents for passwords - but I've lost interest for the moment.

 From the mails I've received I (perhaps unsuprisingly) appear to have only received interest from the blackhats. That's enough to make me feel slightly uneasey.

Languages

 Once again I lament the various programmers that will insist writing things in C ...

 I had the idea to write a simple packet capturing application which would use a collection of plugins to interpret each packet sniffed upon the LAN, and display interesting details.

 Sadly the code I had lying around for loading plugins from shared libraries at run-time was C++ based, and libpcap is written in C.

 I spent a day or two looking for a wrapper around libpcap written in C++ and only found one source archive with no documentation and broken links to the maintainer.

 Still I've been interested in this kind of thing for a while and managed to build a driver program, and a simple plugin to capture, decode, and display HTTP basic realm authentification requests.

 Now the plan is to stabalise the plugin API, and write more interesting ones.

 (For reference the code is here - and yes I know about the existance of dsniff, as I maintain the Debian package).

Life

 I'm in the middle of moving house, having organized the sale of my flat and bought a new one. Now I just have to wait for the time of the move.

 It feels a little odd moving after living in this flat for the past three years, as this is the longest I've lived anywhere for the past 8 years or so.

 The motivation for moving is so that I have a bigger flat, with space for a sizable dog.

 So I'm moving to a place close to a park which will be handy for walking the dog, and into a flat which is large enough that I won't feel too guilty when I leave the animal on it's own during my working day.

 At the moment I'm thinking of an Alsation, Labrador, Golden Retrievor, something of that order of magnitude!

2 Apr 2003 (updated 2 Apr 2003 at 11:08 UTC) »
Debian

 After a little feedback I've update my Debian Wallpaper Packages.

 That's the most free stuff I've done recently, I keep on being too sleepy and tired to do much coding, even though I have lots of interesting things to work upon.

 Last night I met Chris Leishman, a fellow Debian developer and had a couple of drinks. That was fun.

 If any other Debian developers come over to Edinburgh for a while I'd be happy to do the same again.

Debian Desktop?

 I remember reading a while back upon the debian-devel mailing list that there was a new sub-project created; debian-destop.

 Their aim was to have a nice pretty installation that would be good for novices and experts alike.

 Personally I consider the aims too imprecise to ever be achieved fully, but I do apploud their efforts.

 One of the things which I remember being discussed was a set of uniform desktop wallpapers for GNOME and KDE - presumably based upon the reasoning which made both SuSE and RedHat have a unified environment.

Debian Wallpapers

 Remembering this discussion and having to move my desktop wallpapers over to my new laptop I've created a minimal desktop environment, and window manager, independent wallpaper system for Debian.

 This package provides a basic framework for supporting image packs, and themes across all X11 windowing environments under Debian GNU/Linux.

 So far I've just produced a couple of collections:

 After making a post upon the mailing list yesterday I've received no public feedback - but a couple of keen volunteers made good suggestions and gave me private feedback. I'd appreciate more..

16 Mar 2003 (updated 16 Mar 2003 at 17:06 UTC) »

 Entry made in error - couldn't delete it.

 Refer back here for details of scripting attacks.

 Since I'm gratuitously updating this entry; The War On Smoking is going well, seven days - five smokes.

 Five too many of course, but progressing well.

15 Mar 2003 (updated 15 Mar 2003 at 21:08 UTC) »
Advogato

 My patched version of Advogato's code, mod_virgule, should be hitting Debian unstable shortly.

 Now I've got to finish the two articles I've been working on for the past week. One was on the type of articles that people would like to see posted here - but after reading this I think that's doomed.

 The more topical article is about website security. Over the past week or two I've been involved with diagnosing and reporting scripting vulnerabilities with several large sites, including Livejournal.

 Some of these sites have acknowledged the problem(s) and fixed them, others have been silent, or offered replies saying "yes we'll fix this soon. honest. But if we don't can you keep quiet anyway?"

 I don't think the piece will reveal anything shockingly new to CGI programmers, and the intended article will probably not be read by the appropriate audience anyway .. but I'd still feel good if I wrote it.

 The summery is probably "Javascript + cookies = bad"

 Oh and after reading the source to the site, here's a fun link:

http://www.advogato.org/foo.html

Advogato

 I've spent more time testing my Debian package of the Advogato code. So far it's looking good, barring bugs I'll upload it upon Monday.

 I've been thinking about posting another article, but I haven't quite got the courage. My last one appeared to get more criticism than anything - making me think that a lot of people had missed the point.

 I found it interesting that I got more email comments than posted comments - I wonder how common that is?

 (Essentially my article would be "What kind of articles would we like to see here?" explored. Comment in advance?)

Coding

 I've been hacking upon the LiveJournal code, and having a great time.

 One thing I dislike about this site is that if you're away for a week or more you lose track of whats happening with people - recentlog doesn't allow you to go backwards, and commenting upon journals directly isn't possible.

 Ideally you should be able to be told/mailed when your name is mentioned in the recentlog, that way you wouldn't miss "conversations" which occur....

Life

 I have been an ex-smoker for 23 hours and 24 minutes.

 Wish me luck...

Advogato

 After posting the recent patch for reminding users of their passwords I've been looking over the code a bit more.

 Generally I'm quite impressed by it, but I can't help thinking that the account creation for the site is wrong somehow.

  • Email addresses are never validated.
  • Plaintext passwords are stored in the database.

 These aren't huge concerns, but it's still troubling to see a prominent site using non-validated logins.

 In other news I've submitted an "intent to package" bug against Debian to package the code behind this site, and add it to Debian.

 Basic packages are available now, but the require testing and hammering before I upload..

Advogato Password Remailor

 OK so after a weeks holiday I'm bored, I wanted to spend a few hours hacking something interesting.

 Browsing through the Advogato site it suddenly struck me, I could download the code to the site, and implement the password reminder functionality that a lot of people would like.

 So I grabbed the latest CVS sources to mod_virgule, and started prodding.

 Installation was very straightforward, and understanding the code was fairly simple too - the only area I had confusion in was the XML stuff.

 Anyway.. it is done.

 I've added a new checkbox to the 'login' page, "I've forgotten my password", and code to lookup your email address, and mail you your password.

 How it works:

  1. Add an 'I forgot my password' checkbox to the login page.
  2. At login time look for this being set, if it is :
    • Make sure the account exists - or error.
    • Find the email address for the account - or error.
    • Find the password for the account - or erro.
    • Mail it to the user - or error.
    • Inform the user the mail has been sent.

 Comments are welcome, as is pointers to better ways to make the changes, and etc.

 I hope this atones for my past sins ;)

 Code is available:

91 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!