Older blog entries for Stevey (starting at number 97)

2 Apr 2003 (updated 2 Apr 2003 at 11:08 UTC) »

 After a little feedback I've updated my Debian Wallpaper Packages.

 That's the most free stuff I've done recently, I keep on being too sleepy and tired to do much coding, even though I have lots of interesting things to work upon.

 Last night I met Chris Leishman, a fellow Debian developer and had a couple of drinks. That was fun.

 If any other Debian developers come over to Edinburgh for a while I'd be happy to do the same again.

Debian Desktop?

 I remember reading a while back upon the debian-devel mailing list that there was a new sub-project created; debian-desktop.

 Their aim was to have a nice pretty installation that would be good for novices and experts alike.

 Personally I consider the aims too imprecise to ever be achieved fully, but I do applaud their efforts.

 One of the things which I remember being discussed was a set of uniform desktop wallpapers for GNOME and KDE - presumably based upon the reasoning which made both SuSE and RedHat have a unified environment.

Debian Wallpapers

 Remembering this discussion and having to move my desktop wallpapers over to my new laptop I've created a minimal desktop environment, and window manager, independent wallpaper system for Debian.

 This package provides a basic framework for supporting image packs, and themes across all X11 windowing environments under Debian GNU/Linux.

 So far I've just produced a couple of collections:

 After making a post upon the mailing list yesterday I've received no public feedback - but a couple of keen volunteers made good suggestions and gave me private feedback. I'd appreciate more..

16 Mar 2003 (updated 16 Mar 2003 at 17:06 UTC) »

 Entry made in error - couldn't delete it.

 Refer back here for details of scripting attacks.

 Since I'm gratuitously updating this entry; The War On Smoking is going well, seven days - five smokes.

 Five too many of course, but progressing well.

15 Mar 2003 (updated 15 Mar 2003 at 21:08 UTC) »

 My patched version of Advogato's code, mod_virgule, should be hitting Debian unstable shortly.

 Now I've got to finish the two articles I've been working on for the past week. One was on the type of articles that people would like to see posted here - but after reading this I think that's doomed.

 The more topical article is about website security. Over the past week or two I've been involved with diagnosing and reporting scripting vulnerabilities with several large sites, including Livejournal.

 Some of these sites have acknowledged the problem(s) and fixed them, others have been silent, or offered replies saying "yes we'll fix this soon. honest. But if we don't can you keep quiet anyway?"

 I don't think the piece will reveal anything shockingly new to CGI programmers, and the intended article will probably not be read by the appropriate audience anyway .. but I'd still feel good if I wrote it.

 The summary is probably "Javascript + cookies = bad"

 Oh and after reading the source to the site, here's a fun link:



 I've spent more time testing my Debian package of the Advogato code. So far it's looking good, barring bugs I'll upload it upon Monday.

 I've been thinking about posting another article, but I haven't quite got the courage. My last one appeared to get more criticism than anything - making me think that a lot of people had missed the point.

 I found it interesting that I got more email comments than posted comments - I wonder how common that is?

 (Essentially my article would be "What kind of articles would we like to see here?" explored. Comment in advance?)


 I've been hacking upon the LiveJournal code, and having a great time.

 One thing I dislike about this site is that if you're away for a week or more you lose track of what's happening with people - recentlog doesn't allow you to go backwards, and commenting upon journals directly isn't possible.

 Ideally you should be able to be told/mailed when your name is mentioned in the recentlog, that way you wouldn't miss "conversations" which occur....


 I have been an ex-smoker for 23 hours and 24 minutes.

 Wish me luck...


 After posting the recent patch for reminding users of their passwords I've been looking over the code a bit more.

 Generally I'm quite impressed by it, but I can't help thinking that the account creation for the site is wrong somehow.

  • Email addresses are never validated.
  • Plaintext passwords are stored in the database.

 These aren't huge concerns, but it's still troubling to see a prominent site using non-validated logins.

 In other news I've submitted an "intent to package" bug against Debian to package the code behind this site, and add it to Debian.

 Basic packages are available now, but they require testing and hammering before I upload..

Advogato Password Remailer

 OK so after a week's holiday I'm bored, I wanted to spend a few hours hacking something interesting.

 Browsing through the Advogato site it suddenly struck me, I could download the code to the site, and implement the password reminder functionality that a lot of people would like.

 So I grabbed the latest CVS sources to mod_virgule, and started prodding.

 Installation was very straightforward, and understanding the code was fairly simple too - the only area I had confusion in was the XML stuff.

 Anyway.. it is done.

 I've added a new checkbox to the 'login' page, "I've forgotten my password", and code to lookup your email address, and mail you your password.

 How it works:

  1. Add an 'I forgot my password' checkbox to the login page.
  2. At login time look for this being set, if it is :
    • Make sure the account exists - or error.
    • Find the email address for the account - or error.
    • Find the password for the account - or error.
    • Mail it to the user - or error.
    • Inform the user the mail has been sent.

 Comments are welcome, as are pointers to better ways to make the changes, etc.

 I hope this atones for my past sins ;)

 Code is available:

Philips Webcam

 After the success at using the pwc drivers for my existing webcam I decided to base my next webcam purchase upon the list of models it supported.

 Looking through amazon to add a model to my wishlist I found the PCVC720 model which is supported either by the PWC drivers or the OV511 drivers. (Apparently there are two flavours of this model).

 So I added it to the list, and waited for my lovely friend to pay for it :)

 When it turned up I was pleased to see that it's the newer model, as supported by PWC.

 Unfortunately when I tried to use it I soon discovered that it was not supported. Oops.

 Not wanting to disappoint my lady friend who was expecting to see me up close and personal .. I looked over the source, and came up with the following patch to make it run.

 Minor change I know .. but I was pleased - I only got one kernel panic whilst making changes!

The things people say:

 I just received the following email:

From: "Claire "
To: Me
Subject: Serious GNUMP3d security vulnerability

Ha ha ha! Just kidding!

I crack me up.

 For a second reading the title I was worried, then I saw the message and I just about killed myself laughing.

 I guess I shouldn't but.. please

 I wonder if anybody else had received something like this before?

Brain Wave!

 I've just had one of those brainwave moments where you realise the solution to a problem - then kick yourself for not seeing it before.

 It's at moments like these where I feel a combination of pride and humbleness. Life is good.

The Problem

 For those that are interested - the problem and my cunning solution.

 I've been working on an MP3 server, which has been almost discussed to death here.

 Anyway the server presents an interface to the music accessible through a web browser, along with a preferences page.

 Many users want to be able to choose the bitrate of the songs they listen to via the preferences page - but I've always said "No that can't work".

 Essentially the problem is that the user may set preferences which will be stored as cookies, but when a playlist is generated the user's MP3 player will make the requests for the songs, and not send cookie information - meaning that bitrates cannot be set.

 I just realised that I can do better than this; when the server is asked for a playlist it can alter what is sent to the user, such as:


 The MP3 player will request 'file.mp3-low' and at this point the server knows that "file.mp3" exists, so it can do the downsampling in "low" mode and send it to the player.

 Problem solved.
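
 The URL-suffix scheme described above, sketched as an added example (not GNUMP3d's own code): the playlist generator appends the preference to each track URL, and the request handler strips it again, accepting only known suffixes on known files. The quality names other than "low", the bitrate values, the host name and the `LIBRARY` set standing in for the music directory are assumptions.

```python
import posixpath
from urllib.parse import quote, unquote

# Assumed quality names and bitrates in kbit/s; the post only names "low".
BITRATES = {"low": 56, "medium": 128, "high": 192}

# Constructed stand-in for the files under the music root.
LIBRARY = {"rock/file.mp3", "live/set-low"}


def playlist(base_url, tracks, quality=None):
    """Build a playlist whose URLs carry the preference read from the cookie.

    The browser sends the cookie when it asks for the playlist; the MP3
    player later fetches each URL without it, so the choice rides in the path.
    """
    suffix = f"-{quality}" if quality in BITRATES else ""
    return "".join(f"{base_url}/{quote(t)}{suffix}\n" for t in tracks)


def resolve(request_path, library=LIBRARY):
    """Map a player's request to (track, bitrate) or None for a 404.

    bitrate None means "send the file as it is".
    """
    # Decode and normalise first so "../" sequences cannot leave the root;
    # anything that is not a known track is rejected below anyway.
    path = posixpath.normpath("/" + unquote(request_path)).lstrip("/")

    # A real file wins, even when its own name happens to end in "-low".
    if path in library:
        return path, None

    # Otherwise accept only "<known track>-<known quality>".
    stem, sep, quality = path.rpartition("-")
    if sep and quality in BITRATES and stem in library:
        return stem, BITRATES[quality]
    return None
```

 Because the suffix comes from the request path, it is attacker-controlled input like any other: the handler looks it up in a fixed table and never passes it on to the downsampling step as free text.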
