Older blog entries for Stevey (starting at number 92)

Advogato

 After posting the recent patch for reminding users of their passwords I've been looking over the code a bit more.

 Generally I'm quite impressed by it, but I can't help thinking that the account creation for the site is wrong somehow.

  • Email addresses are never validated.
  • Plaintext passwords are stored in the database.

 These aren't huge concerns, but it's still troubling to see a prominent site using non-validated logins.

 In other news I've submitted an "intent to package" bug against Debian to package the code behind this site, and add it to Debian.

 Basic packages are available now, but they require testing and hammering before I upload..

Advogato Password Remailer

 OK so after a week's holiday I'm bored, I wanted to spend a few hours hacking something interesting.

 Browsing through the Advogato site it suddenly struck me, I could download the code to the site, and implement the password reminder functionality that a lot of people would like.

 So I grabbed the latest CVS sources to mod_virgule, and started prodding.

 Installation was very straightforward, and understanding the code was fairly simple too - the only area I had confusion in was the XML stuff.

 Anyway.. it is done.

 I've added a new checkbox to the 'login' page, "I've forgotten my password", and code to lookup your email address, and mail you your password.

 How it works:

  1. Add an 'I forgot my password' checkbox to the login page.
  2. At login time look for this being set, if it is :
    • Make sure the account exists - or error.
    • Find the email address for the account - or error.
    • Find the password for the account - or error.
    • Mail it to the user - or error.
    • Inform the user the mail has been sent.
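
 The reminder steps above can only mail the password back because it is stored in plaintext. As an added example (not mod_virgule code, and not part of the original patch), here is the same flow when only a salted hash is stored, so the mail carries a single-use, expiring reset token instead. The account layout, function names, token lifetime and PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600         # seconds a reset token stays valid (assumed value)
PBKDF2_ROUNDS = 600_000  # assumed work factor

def hash_password(password, salt=None):
    """Return (salt, digest); this pair is stored instead of the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def check_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def _token_key(token):
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(accounts, tokens, user, now=None):
    """Same checks as the steps above, but the mail carries a token."""
    now = time.time() if now is None else now
    account = accounts.get(user)
    if account is None:
        raise LookupError("no such account")
    if not account.get("email"):
        raise LookupError("no email address for account")
    token = secrets.token_urlsafe(32)
    # Keep only a hash of the token so a database read does not yield live tokens.
    tokens[_token_key(token)] = (user, now + TOKEN_TTL)
    return account["email"], token  # the caller mails the token to this address

def redeem_reset(accounts, tokens, token, new_password, now=None):
    """Single use: the token is deleted whether or not it was still valid."""
    now = time.time() if now is None else now
    user, expires = tokens.pop(_token_key(token), (None, 0))
    if user is None or now > expires:
        return False
    accounts[user]["salt"], accounts[user]["digest"] = hash_password(new_password)
    return True

if __name__ == "__main__":
    salt, digest = hash_password("old-secret")  # constructed sample account
    accounts = {"alice": {"email": "alice@example.org", "salt": salt, "digest": digest}}
    tokens = {}
    email, token = request_reset(accounts, tokens, "alice")
    print("mail to", email, "redeemed:", redeem_reset(accounts, tokens, token, "new-secret"))
```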

 Comments are welcome, as are pointers to better ways to make the changes, etc.

 I hope this atones for my past sins ;)

 Code is available:

Philips Webcam

 After the success at using the pwc drivers for my existing webcam I decided to base my next webcam purchase upon the list of models it supported.

 Looking through amazon to add a model to my wishlist I found the PCVC720 model which is supported either by the PWC drivers or the OV511 drivers. (Apparently there are two flavours of this model).

 So I added it to the list, and waited for my lovely friend to pay for it :)

 When it turned up I was pleased to see that it's the newer model, as supported by PWC.

 Unfortunately when I tried to use it I soon discovered that it was not supported. Oops.

 Not wanting to disappoint my lady friend who was expecting to see me up close and personal .. I looked over the source, and came up with the following patch to make it run.

 Minor change I know .. but I was pleased - I only got one kernel panic whilst making changes!

The things people say:

 I just received the following email:

From: "Claire "
To: Me
Subject: Serious GNUMP3d security vulnerability

Ha ha ha! Just kidding!

I crack me up.

 For a second reading the title I was worried, then I saw the message and I just about killed myself laughing.

 I guess I shouldn't but.. please

 I wonder if anybody else had received something like this before?

Brain Wave!

 I've just had one of those brainwave moments where you realise the solution to a problem - then kick yourself for not seeing it before.

 It's at moments like these where I feel a combination of pride and humbleness. Life is good.

The Problem

 For those that are interested - the problem and my cunning solution.

 I've been working on an MP3 server, which has been almost discussed to death here.

 Anyway the server presents an interface to the music accessible through a web browser, along with a preferences page.

 Many users want to be able to choose the bitrate of the songs they listen to via the preferences page - but I've always said "No that can't work".

 Essentially the problem is that the user may set preferences which will be stored as cookies, but when a playlist is generated the user's MP3 player will make the requests for the songs, and not send cookie information - meaning that bitrates cannot be set.

 I just realised that I can do better than this; when the server is asked for a playlist it can alter what is sent to the user, such as:

http://server.somwhere.org/path/to/file.mp3-low
http://server.somwhere.org/path/to/file.mp3-low
http://server.somwhere.org/path/to/file.mp3-low

 The MP3 player will request 'file.mp3-low' and at this point the server knows that "file.mp3" exists, so it can do the downsampling in "low" mode and send it to the player.
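
 A sketch of both halves of that scheme, as an added example rather than GNUMP3d's own code (which is Perl): the playlist writer appends the quality to each URL, and the request handler strips it again, accepts only known quality names, and refuses any path that resolves outside the music directory. The quality names other than "low", the function names and the already-decoded request path are assumptions.

```python
import os
import tempfile

QUALITIES = ("low", "medium", "high")  # assumed names; the post only shows "low"

def playlist_url(base_url, rel_path, quality=None):
    """Build one playlist line; the cookie preference is baked into the URL."""
    url = base_url.rstrip("/") + "/" + rel_path.lstrip("/")
    return f"{url}-{quality}" if quality in QUALITIES else url

def resolve_request(music_root, request_path):
    """Map a requested path to (real file, quality), or None if it is refused."""
    quality = None
    root = os.path.realpath(music_root)
    candidate = os.path.realpath(os.path.join(root, request_path.lstrip("/")))
    if not os.path.isfile(candidate):
        # Strip a suffix only when the literal name does not exist, so a real
        # file called "song.mp3-low" is still served as itself.
        base, sep, suffix = request_path.rpartition("-")
        if not sep or suffix not in QUALITIES:
            return None
        quality = suffix
        candidate = os.path.realpath(os.path.join(root, base.lstrip("/")))
    # Refuse anything that resolves outside the music root (../ or symlinks).
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate, quality

if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed music directory
    open(os.path.join(root, "file.mp3"), "wb").close()
    print(playlist_url("http://server.example", "file.mp3", "low"))
    print(resolve_request(root, "/file.mp3-low"))
    print(resolve_request(root, "/../etc/passwd-low"))
```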

 Problem solved.

LiveJournal

 Well my LiveJournal Valentine System has finished now.

 The stats are quite impressive - from Monday's start of one user I'd got 3742 at 12:01PM on Friday.

 Watching the users and matches grow was very rewarding, and I'm happy that the machine and network handled the load - despite my suboptimal code.

 I've now become much more interested in the spread of memes - after watching the site get name-checked in an ever-expanding circle of communities.

 I'm working on plotting a graph showing the spread of referrers back to the single start point - it's a little tricky to represent well, but I figure an unbalanced tree would be a good approximation..

LiveJournal

 I've had a LiveJournal account for the past few months, ever since I received an invite code from ciphergoth.

 After recently spotting a community dedicated to the posting of anonymous Valentine announcements I was inspired to create a more automatic system.

 What I created is essentially a database based double-blind system.

 You nominate (up to) three LiveJournal users, and if any of those nominate you back you're both sent a nice "You have a Valentine match" email.

 This is the first time I've used the Perl DBI to interface with MySQL, previously I've used PHP.

 I have to say, though that it rocks - very simple to understand, and very easy to work with. Kudos to the Perl DBI people.

LiveJournal Valentine System

 So .. if you're a LiveJournal user give it a go:

GNUMP3d

 Things have been progressing nicely with the project, it's been recoded entirely in perl now, which has resulted in some speedups, and some slowdowns.

 Given that the server is usually Network/IO bound it's not had a massive effect, so I feel the decision to change was justified. (It runs under windows too now!)

 I discovered via a random email that the program/project had received a namecheck in the German Linux User magazine. Unfortunately I cannot find any mention of this upon the website, and I don't know anybody in Germany who could provide a synopsis of its mention.

 It's almost time for a new release.. :)

Debian

 I love the 'apt-listchanges' package, and spent a while trying to see if there was a simple way to code something similar 'apt-warn-setuid'.

 The idea is that after a package is installed it would warn you if any setgid/setuid binaries had been installed.
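
 One way the check behind such a tool could look, as an added example and not an existing Debian package: given the file list dpkg records for a package, report every regular file carrying the setuid or setgid bit. The function names and output format are assumptions; hooking it into apt so that it runs after each install is left out.

```python
import os
import stat
import subprocess
import sys

def special_bits(mode):
    """Return the labels ('setuid', 'setgid') set on a regular file's mode."""
    if not stat.S_ISREG(mode):
        return []  # setgid on a directory only affects group inheritance
    labels = []
    if mode & stat.S_ISUID:
        labels.append("setuid")
    if mode & stat.S_ISGID:
        labels.append("setgid")
    return labels

def scan(paths, lstat=os.lstat):
    """Return (path, labels, uid, gid) for each flagged file in paths."""
    findings = []
    for path in paths:
        try:
            st = lstat(path)  # lstat: never follow a symlink to another file
        except OSError:
            continue  # listed by the package but not present on disk
        bits = special_bits(st.st_mode)
        if bits:
            findings.append((path, bits, st.st_uid, st.st_gid))
    return findings

def package_files(package):
    """File list as dpkg records it for an installed package."""
    out = subprocess.run(["dpkg-query", "-L", package], check=True,
                         capture_output=True, text=True).stdout
    return [line for line in out.splitlines() if line.startswith("/")]

if __name__ == "__main__":
    for pkg in sys.argv[1:]:
        for path, bits, uid, gid in scan(package_files(pkg)):
            print(f"WARNING {pkg}: {path} is {'+'.join(bits)} (uid={uid}, gid={gid})")
```

 The owner matters as much as the bit: a setuid file runs with the privileges of the uid reported in the warning.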

 To be honest I'm not sure of the value, but it did strike me as an interesting thing to have for a day or two. I was too busy at work to do anything with the idea though..

Work

 I set up Netsaint at work - to monitor all of our servers. (Yes I realise it's called Nagios now; but the Debian package is still named Netsaint).

 It's a lovely piece of software, but it can be a little bit intimidating to set up for the first time.

 One thing I'm having problems with is false warnings - especially with the ping test.

 Quite often I've received emails of the form:

Machine FOO is WARNING: Ping package loss 0.0% Time 17.0ms

 So .. no packet loss, and an acceptable ping time - why's that a warning? I'm confused by this at the moment; I'll have to read more of the, comprehensive, documentation I guess.

Jabber

 Many months ago I flirted quite heavily with Jabber, the open messaging system. I looked over the code to several clients, and the server 'jabberd'.

 At the time I was looking at replacing our company's reliance upon ICQ with an internal chatting system which would be more secure, and under our control.

 Setting up the internal testing server was fairly trivial, so much so that that test server became a live server in a matter of days.

 I spent a while writing maintenance scripts to automatically manage contacts - and then stopped touching it.

 Last week I received an e-mail from somebody who had spotted my old conversation logging patch. He wanted me to update it, tidy it up, and release it to him.

 Over the course of a couple of days' worth of email exchanges I did that - and just found out that he's purchased a copy of the printed version of Open Source Development With CVS book from my wishlist.

 The Jabber patch will be released to the world once I've tidied it up some more.

Debian

 I've been doing a lot more Debian work recently, packaging up several small utility scripts into my own apt-get'able repository.

 In addition to that I've sorted out my Debian GPG key - adding identities to it, so that I can manage my debian duties more easily. (This mostly means that the 'skx @debian .org' address is being used for all the mailing lists, etc).

 I often feel that using GPG/PGP is akin to working magic. Theoretically I understand what is going on, but the details escape me.

 Editing keys, marking relationships as trusted, etc, are all scary counter-intuitive options.

 Maybe it's just me ...

Life

 I'm tidying my flat, in Edinburgh, in preparation to sell it and move to a bigger place.

 The valuations I have had performed suggest I'm gonna make a killing on the price I paid for the place ~3 years ago.

 Unfortunately the price rises have been pretty uniform throughout the city .. so I'm going to have to move further out to afford a decent sized place.

 The move has basically been prompted by my desire to get a big dog, (Alsatian/golden labrador/etc), now that my Tigger passed away.

 It might seem like overkill to move house to get a new pet - but the place would be a little too small for even a young dog, and I'd feel too guilty leaving for work in the morning...


 Now .. I wonder what people's reactions will be when they see a heavily pierced, skinhead bloke walking down the street with an Alsatian! Probably not the reaction I'd like to see. *shrugs*

Christmas

 Merry Christmas for those of you who celebrate it.

 I've only been awake for a couple of hours after a late night writing a Debian security notification script - this is working well, but it still needs some more work. (I'd like the package to automatically setup a cron job to make sure the thing runs properly)
