hrm, been a while. Mostly have been busy with stuff at work. On a positive note it looks like lully is finally back (knock on wood). We have the RAID up (25G) and mirror sync is in progress. Seems like that'll finish in another 12-15 hours or so. Gawd debian is really huge :-) For those interested, this is syncing from sourceforge at 200-300kB/s. Not sure if lully's bandwidth qualifies it for a tier-1 Debian mirror, but it's certainly not bad.

Trying to fix the db.debian.org security problem joey reported. Stripping tags seem to be the easiest, but it doesn't solve all problems. Unfortunately, "solving all problems" in the context of supporting all browsers (i.e. no cookies, no javascript) is rather difficult. (At least when your site uses multiple scripts....) The only thing I can think of right now is do redirects on the server side -- i.e. have one script run the other script and pass query strings to it via stdin. Sounds kludgy but should be perfectly safe. Unfortunately I'll be gone for a couple of days starting tomorrow, so I guess i'll just implement the tag-stripping for now.

Oh, and Shaleh, if you are looking for ugly Makefiles, look no further than boot-floppies! :/