15 Mar 2003 Stevey   » (Master)


 My patched version of Advogato's code, mod_virgule, should be hitting Debian unstable shortly.

 Now I've got to finish the two articles I've been working on for the past week. One was on the type of articles that people would like to see posted here - but after reading this I think that's doomed.

 The more topical article is about website security. Over the past week or two I've been involved with diagnosing and reporting scripting vulnerabilities with several large sites, including Livejournal.

 Some of these sites have acknowledged the problem(s) and fixed them, others have been silent, or offered replies saying "yes we'll fix this soon. honest. But if we don't can you keep quiet anyway?"

 I don't think the piece will reveal anything shockingly new to CGI programmers, and the intended article will probably not be read by the appropriate audience anyway .. but I'd still feel good if I wrote it.

 The summary is probably "Javascript + cookies = bad"

 Oh and after reading the source to the site, here's a fun link:

