posts brought to you by the category “movable
type”
Das eez kaput! Sometime around 2002 I spaced the
entire database table that mapped individual entries to
categories. Such is life. What follows is a random
sampling of entries that were associated with the
category. Over time, the entries will be updated and then
it will be even more confusing. Wander around, though,
it's still a fun way to find stuff.
Movable Thoughts #21 : Removed -T from mt.cfg and
mt-send-entry.cgi
You can enable taint mode explicitly with the -T command-line
switch. You should do this for daemons, servers, and any
programs that run on behalf of someone else, such as CGI
scripts. Programs that can be run remotely or anonymously
by anyone on the Net are executing in the most hostile of
environments. You should not be afraid to say No!
occasionally. Contrary to popular belief, you can
exercise a great deal of prudence without dehydrating
into a wrinkled prude.
On the more security-conscious sites, running all CGI
scripts under the -T flag isn't just a good idea: it's the
law. We're not claiming that running in taint mode is
sufficient to make your script secure. It's not, and it
would take a whole book just to mention everything that
would. But if you aren't executing your CGI scripts under
taint mode, you've needlessly abandoned the strongest
protection Perl can give you.
The Camel
Book, 3.0
Movable Thoughts #20 : Your mother wears Google
boots
Subject: [google] I'm not sure I understand what you're after...
From: Aaron Straup Cope
To: Derek Powazek
Date: Wed, 19 Nov 2003 13:29:32 -0500
...exactly. But in an MT setup, you could just use mod_rewrite and
a 10-20 line Perl script :
# Stick this in a .htaccess file at the root
# of your website. Obviously, the USER_AGENT
# condition(s) would need to be adjusted
# accordingly
RewriteEngine On

# Refuse the comments script to Googlebot outright.
# The user-agent variable is HTTP_USER_AGENT; NC
# makes the match case-insensitive.
RewriteCond %{REQUEST_URI} ^/yer/mt-comments\.cgi
RewriteCond %{HTTP_USER_AGENT} GoogleBot [NC]
RewriteRule .* - [forbidden]

# Or alternately, if you want to let
# Google archive the comments. The query string
# is not part of the RewriteRule pattern, so the
# id is captured from QUERY_STRING (as %1); in a
# .htaccess file the pattern has no leading slash.
RewriteCond %{HTTP_USER_AGENT} GoogleBot [NC]
RewriteCond %{QUERY_STRING} ^id=(\d+)$
RewriteRule ^yer/mt-comments\.cgi$ \
    /mt-linkstripper.cgi?id=%1 [redirect]
I can't remember whether the comments are rendered as static files.
If they are then you could also set up a 'special' template that loads
a plugin to do the same thing that the as-yet unwritten
"mt-linkstripper.cgi" does. At which point, the RewriteRule just
points to the new file (which makes your web server happier.)
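The mt-linkstripper.cgi the message points at was unwritten at the time. What follows is an added example of what it could look like (not Aaron's code and not part of Movable Type); it assumes comments are rendered as static files named <id>.html under an assumed /var/www/comments directory, and that CGI.pm and HTML::Parser are installed.

```perl
#!/usr/bin/perl -T
# Added example, not Movable Type's or the message author's code: serve a
# copy of an entry's comments with every <a> tag removed, so links left
# in comments earn no search-engine credit. Assumes comments are rendered
# as static files named <id>.html under $COMMENT_DIR (an assumed path).
use strict;
use warnings;
use CGI;
use HTML::Parser;

my $COMMENT_DIR = '/var/www/comments';   # assumed location

# Drop <a ...> and </a> tags; keep the link text and all other markup.
sub strip_links {
    my ($html) = @_;
    my $out = '';
    my $keep_unless_anchor = sub {
        my ($tag, $text) = @_;
        $out .= $text unless $tag eq 'a';
    };
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h     => [ $keep_unless_anchor, 'tagname,text' ],
        end_h       => [ $keep_unless_anchor, 'tagname,text' ],
        default_h   => [ sub { $out .= shift }, 'text' ],
    );
    $p->parse($html);
    $p->eof;
    return $out;
}

# Under -T the id parameter is tainted; a regex capture of a purely
# numeric value is the only thing allowed into the filename.
sub untaint_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    my ($id) = $raw =~ /^(\d{1,10})$/;
    return $id;
}

my $q  = CGI->new;
my $id = untaint_id($q->param('id'));
my $fh;
unless (defined $id && open($fh, '<', "$COMMENT_DIR/$id.html")) {
    print $q->header(-status => '404 Not Found', -type => 'text/plain');
    print "no such entry\n";
    exit 0;
}
my $html = do { local $/; <$fh> };
close $fh;
print $q->header(-type => 'text/html; charset=utf-8');
print strip_links($html);
```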
Prime Minister Poutine : “I will have my money
for my fine and a joint in the other hand.”
Maciej Ceglowski : "...the Getty Center is the
architectural equivalent of a Barry White record."
David Cantrell : File::Find::Rule::Permissions.pm
Doron Rosenberg : The XSLT/JavaScript Interface In
Gecko
It's my birthday!
Best line of the game : "And the world laughs
together",
as yet another Brazilian player takes
a dive and plays the drama queen.
The dictified dictionary.com word of the day is :
exacerbate
Exacerbate \Ex*ac"er*bate\, v. t. [imp. &
p. p. {Exacerrated}; p. pr. & vb. n. {Exacerrating}.]
[L. exacerbatus, p. p. of exacerbare; ex out (intens.) +
acerbare. See {Acerbate}.] To render more violent or
bitter; to irriate; to exasperate; to imbitter, as passions
or disease. --Broughman.
web1913
exacerbate v 1: make worse; "This drug
aggravates the pain" [syn: {worsen}, {aggravate},
{exasperate}] [ant: {better}] 2: exasperate or irritate
[syn: {exasperate}, {aggravate}]
wn
The random pseudodictionary.com word of the day is :
nurple
Feeling rather blue.
ex. I'm feeling rather nurple
today.
The random pseudodictionary.com word of the day is :
connectamazoink
A certain ambiguous something used to connect
something to something else.
ex. "Get the connectamazoink," he said after
dropping the vase.
The dictified dictionary.com word of the day is :
probity
Probity \Prob"i*ty\, n. [F. probit['e], fr. L.
probitas, fr. probus good, proper, honest. Cf. {Prove}.]
Tried virtue or integrity; approved moral excellence;
honesty; rectitude; uprightness. ``Probity of mind.''
--Pope. Syn: {Probity}, {Integrity}. Usage: Probity denotes
unimpeachable honesty and virtue, shown especially by the
performance of those obligations, called imperfect, which
the laws of the state do not reach, and can not enforce.
Integrity denotes a whole-hearted honesty, and especially
that which excludes all injustice that might favor one's
self. It has a peculiar reference to uprightness in mutual
dealings, transfer of property, and the execution of trusts
for others.
web1913
probity n : complete and confirmed integrity
wn
Jason Diamond : Template Languages in XSLT
The random pseudodictionary.com word of the day is :
kabash
Killed, brought to an end,
finished.
ex. The project was finally kabash, and all
were relieved.
The dictified dictionary.com word of the day is :
peccadillo
Peccadillo \Pec`ca*dil"lo\, n.; pl.
{Peccadillos}. [Sp. pecadillo, dim. of pecado a sin, fr. L.
peccatum. See {Peccant}.] A slight trespass or offense; a
petty crime or fault. --Sir W. Scott.
web1913
peccadillo n : a petty misdeed [syn:
{indiscretion}]
wn
Barrie Slaymaker : Bootstrapping AxKit
From the "Step away from the computer" department :
Hockey Night in Canada
The dictified dictionary.com word of the day is :
maudlin
Maudlin \Maud"lin\, a. [From Maudlin, a contr.
of Magdalen, OE. Maudeleyne, who is drawn by painters with
eyes swelled and red with weeping.] 1. Tearful; easily
moved to tears; exciting to tears; excessively sentimental;
weak and silly. ``Maudlin eyes.'' --Dryden. ``Maudlin
eloquence.'' --Roscommon. ``A maudlin poetess.'' --Pope.
``Maudlin crowd.'' --Southey. 2. Drunk, or somewhat drunk;
fuddled; given to drunkenness. Maudlin Clarence in his
malmsey butt. --Byron.
web1913
maudlin adj : effusively or insincerely
emotional; "a bathetic novel"; "maudlin expressons of
sympathy"; "mushy effusiveness"; "a schmaltzy song";
"sentimental soap operas"; "slushy poetry" [syn:
{bathetic}, {mawkish}, {mushy}, {schmaltzy}, {schmalzy},
{sentimental}, {slushy}]
wn
J. David Eisenberg : An SVG Histogram [in Perl]
Jon Udell : Quick and Dirty Topic Mapping
Andrew Wilson : Mail::Address::Tagged.pm
"This module implements an object
that can generate and validate tagged email addresses. These
are designed to be used primarily in anti-spam applications.
The addresses generated all carry extra information, such as
the date when they expire, who may use them to send you mail
etc. A cryptographic hash of this extra information is also
included in the address. This Hashed Message Authentication
Code (HMAC RFC 2104) is your guarantee that the information
contained in the address has not been tampered with."
The Connection : Art Spiegelman and Francoise
Mouly
"[T]he New Yorker's arts editor, have
been living for the past three months on the threshold of
unfamiliar images. In September, downtown New York was
eloquently captured by their collaboration, a black-on-black
New Yorker cover, broken only by one, now-ghostly antenna.
More images have followed, along with despair at their
inadequacy, and triumph at their ability to communicate the
deepest feelings in the simplest way."
The 'canadian', features a helmet of fine bacon
and a chin-strap of sausage links."
via mesh
Graham Klyne : "I've found it easier to use Notation 3
[1] to create arbitrary RDF content
"in a text editor, then use cwm [2]
to convert it to RDF/XML. For example, my current WebWho
profile source is at [3], which generates the RDF/XML [4]."
see also : RDF::Notation3.pm
Brian Wilson : Mail Management With Mime::Tools
"Recently I had a thought: Why not
save any attachments and make them immediately available on
the Web server? Then by replacing the attachment with the
appropriate URL in the outbound email message, each message
recipient could decide whether or not to download the files."
see also : Using Perl to
send email (and attachments) with Outlook
The dict-ified dictionary.com word of the day is
billet
| source : web1913 | Billet
\Bil"let\, n. Quarters or place to which one is assigned, as
by a billet or ticket; berth; position. Also used fig.
[Colloq.] The men who cling to easy billets ashore.
--Harper's Mag. His shafts of satire fly straight to their
billet, and there they rankle. --Pall Mall Mag. | source :
web1913 | Billet \Bil"let\, n. [F. billette, bille, log; of
unknown origin; a different word from bille ball. Cf.
{Billiards}, {Billot}.] 1. A small stick of wood, as for
firewood. They shall beat out my brains with billets. --Shak.
2. (Metal.) A short bar of metal, as of gold or iron. 3.
(Arch.) An ornament in Norman work, resembling a billet of
wood either square or round. 4. (Saddlery) (a) A strap which
enters a buckle. (b) A loop which receives the end of a
buckled strap. --Knight. 5. (Her.) A bearing in the form of
an oblong rectangle. | source : web1913 | Billard \Bil"lard\,
n. (Zo["o]l.) An English fish, allied to the cod; the
coalfish. [Written also {billet} and {billit}.] | source :
web1913 | Billet \Bil"let\, n. [F. billet, dim. of an OF.
bille bill. See {Bill} a writing.] 1. A small paper; a note;
a short letter. ``I got your melancholy billet.'' --Sterne.
2. A ticket from a public officer directing soldiers at what
house to lodge; as, a billet of residence. | source : web1913
| Billet \Bil"let\, v. t. [imp. & p. p. {Billeted}; p.
pr. & vb. n. {Billeting}.] [From {Billet} a ticket.]
(Mil.) To direct, by a ticket or note, where to lodge. Hence:
To quarter, or place in lodgings, as soldiers in private
houses. Billeted in so antiquated a mansion. --W. Irving. |
source : wn | billet n : for military personnel (especially
in a private home) v : provide housing for, of military
personnel [syn: {quarter}, {canton}]
Le Devoir : The Internet gives Esperanto a second wind
"Basic English is easy; its phonetics are not. You can
hear people's accents very clearly when they speak English,
not in Esperanto. And it is not a neutral language: it is
the symbol of an identity, of a culture, and it marks a
superiority. Do you think you are talking as equals at an
international conference where there are Britons or
Americans? English is the second language of everyone
else, who must, for their part, make an effort and
concentrate. With Esperanto, everyone is in the same boat:
everyone has to learn it. It is the language of equality,
which harms no national language."
James Spahr : NewsFeedsPalm
"is a very simple tool for Radio
Userland. It publishes your Userland On the Desktop content
to a website that is ideal for Avantgo Channels. It basically
puts Userland On the Desktop on your Palm."
David Helder : DiaWebLog
"is an interface between IRC and a
web log. The DiaWebLog consists of items. An item consists of
a title, url, and comments. Items are posted and edited by
members of the IRC channel by interacting with the
DiaWebLogBot."
Sightings : stop, art
The dict-ified dictionary.com word of the day is
effusive
| source : web1913 | Effusive
\Ef*fu"sive\, a. Pouring out; pouring forth freely. ``Washed
with the effusive wave.'' --Pope. {Effusive rocks} (Geol.),
volcanic rocks, in distinction from so-called intrusive, or
plutonic, rocks. -- {Ef*fu"sive*ly}, adv. --
{Ef*fu"sive*ness}, n. | source : wn | effusive adj 1: uttered
with unrestrained enthusiasm; "a novel told in burbly panting
tones" [syn: {burbling}, {burbly}, {gushing}] 2:
extravagantly demonstrative; "insincere and effusive
demonstrations of sentimental friendship"; "a large gushing
female"; "write unrestrained and gushy poetry" [syn:
{emotional}, {gushing(a)}, {gushy}]
Chris Nott : The 1k DHTML API
Ryan Rempel : Installation Instructions for Mac OS X
OldWorld Support
"Installation is somewhat complex. In
effect, we need to add kernel extensions to the
/System/Library/Extensions directory on the Mac OS X
installation CD. Since we can't do that, we'll do the next
best thing: we'll make a copy of the installation CD on a
hard drive, and add the kernel extensions there."
Jouke Visser : My Way
Tim Bray : "Because once you've got an XML-based
application interface that runs over HTTP,
and you've documented the XML
vocabulary, you've invented an API. Yes, you could dress it
up with additional layers like XML-RPC or SOAP, and that
might be a good idea, but there's really not that much need;
an HTTP-XML interface is one of the easiest things in the
world to do application integration with. ... Most important,
you need to create some well-written human-readable
documentation explaining what the tags and attributes mean
and what goes inside them. Once you've done this, you've
provided an interface that any reasonably-competent
programmer in the world can deal with." see also :
XML structures for existing databases.
Oooh!
Kip Hampton : Creating Web Utilities with
XML::XPath
You crazy fuckers.
What E.T. merchandising?
Make Lego not war
"A user is able to give high-level
commands through the PC, such as "make three cars", and see a
sequence of actions and operations automatically unfold in
the LEGO factory." Does this mean Lego is the enemy within?
Eat your heart out Bill Joy. via screenshot
Ivan Kohler : Net::SSH.pm
YULblog : We've had a long love affair with our
mountain
Unfortunately, no mention is made of
the most popular urban legend these days : that, following
the one million dollars spent to install fiber optic lights
several years ago, the cross will turn purple when the Pope
dies.
Thomas Scoville
"Later, I reflected, maybe the
problem is that the Turing Test just isn't so relevant
anymore. Perhaps it's just a charming theoretical
anachronism, an artifact of a distant time ... in which
computers themselves were mostly theoretical. In this new
millennium of wireless communications and ubiquitous
computing, maybe the big challenge isn't for a computer to
simulate a human. Maybe the real challenge is for people to
prove they aren't machines."
I'm not one for single-issue voting,
Things to do on Canada Day :
National Post : The skeletal spatulas moved in spastic
disunison
"like the legs of some waking beast
preparing to lurch toward the unsuspecting spectators.
Children cried. Old women squinted. It was almost meal time.
... 'Sometimes,' she continued conspiratorially, 'we use maple
syrup.' But before she could go on, several other chefs
rushed up and hushed her. Just as well. If she had said any
more, they probably would have had to kill me."
NY Times on Freenet
and "near prefect anarchy".
The Spire Project
"Don't talk to me of passive
absorption and serendipity. I want results. Answers. Even to
questions I can't quite articulate." via the tireless one.
Jacques Parizeau
"[It means] Toronto is buying
Montreal. It's not a question of nationalism - it's the
character and identity of culture in the marketplace."
This Morning talks to Robert Rabinovitch
president of the CBC, about the
future of "The Corporation". (real audio)
They say that packaging is everything
While I was in New York City
Shirley L. Thompson : Why the public must fund the
arts
"The modest support from the Canada
Council to young artists has frequently paid off in spades.
In film, consider Atom Egoyan, David Cronenberg and François
Girard. In literature, dance, music, theatre and the visual
arts, the list could go on and on. As Margaret Atwood pithily
said: 'If anyone says these were free handouts at the expense
of the taxpayer, I'd tell them to stuff it up their jumper.
The taxpayers didn't just get their money's worth. They got
way, way more.' "
Stéphane Baillargeon : The baroque in 3D
"Basically, the baroque is the emergence of the modern
city, with the hospital, the orphanage, the barracks, the
government palace, summarises Guy Cogeval. The baroque is
the intrusion of movement into the city..."
Everyone loves his work
Bernard Buffet 1928 - 1999
"He was one of the best-known French painters, and
probably the most contested. Bernard Buffet committed
suicide on Monday 4 October, at his property in Tourtour
(Var), at the age of seventy-one."
Peter Drucker : Beyond the Information Revolution
Image Magick Studio
A most excellent tool for those wanting to build the web
with the web.
The Annotated Watchmen
Why does it matter
Le Monde : The Internet, the uncertain destabiliser of the
media
"At a time when the new communication technologies are
upending the world of the media, is it not necessary to
think about ways of curbing the excesses or, at least, of
tempering the perverse effects of the most recent
'information revolutions'?"
Perlmonth
Clive Thompson : Why Your Fabulous Job Sucks
"Chained to their keyboards, working
far longer hours than they are paid for and blurring the
boundaries between their jobs and their lives, digital
employees paradoxically present the kind of compliant
workforce that would have pleased Henry Ford, Nelson
Rockefeller and probably Chairman Mao." via slashdot.
Avril Benoit gets evolved off of This Morning
wtf?
-
dude, where's my car
This document uses CSS kung-fu and a small amount of
JavaScript for rendering its contents. Efforts have been
made to separate the form from the content so if you are
viewing this in a text-based browser it shouldn't be an
issue.
On the other hand it may look funny if you are viewing it
in a browser with incomplete CSS and/or JavaScript
implementations. Internet Explorer 6 comes to mind.
It's not that I don't love you. However, my time is
limited and I no longer feel very good about spending
it working around any one browser's inconsistencies
with little, or no, confidence that they will ever be
fixed or otherwise made more inconsistent at some later
date.
On the other hand, if something is down-right unreadable
please let me know and I will endeavour to fix it.
-
yes, we have no bananas
This page may not validate. It's not that I don't
care, it's just that I'm not aware of it yet. Part of
the reason that I rewrote the entire back-end for
managing this site is that the old stuff made it too
easy for these kinds of mistakes to slip through the
cracks.
See also : W3C::LogValidator.pm
-
it's the software, stupid
Use the source, Luke.
Prompted by all the talk about using Movable Type as an open relay for spammers, I decided to poke at the actual code and see what was going on.
There really isn't anywhere that Movable Type should be disabling taint mode but if I had to list things in order of importance, the mt-send-entry.cgi script would be near the top.
The script is potentially handing off to the sendmail program whose entire existence has been marked by security exploits. There is nothing to suggest that more won't be found in the future. Relying on sendmail to test for Potential Badness being passed by a ne'er do well via the Internet is wishful thinking, at best, and just plain crazy, at worst.
In fairness, the Movable Type mail widget tries to load Mail::Sendmail which does some basic sanity checking and, drumroll, untainting on the stuff you pass it. On the other hand it is not part of the core libraries shipped with Perl, nor is it in Movable Type's extlib directory, which is a mystery since two thirds of its dependencies are part of the core and the other third has no non-standard requirements itself.
Untainting email addresses can be brain-crushingly difficult and inaccurate, and the last thing you want to do when you're selling a computer widget for non-technical people is start spewing errors where there are none. But not only did the Movable Type kids disable the -T flag on the mt-send-entry.cgi script, they don't appear to have ever done any kind of untainting on the to and from parameters. Hello? Is anyone home? I find this especially discouraging because one of the first things I did when Movable Type was released was send Ben code to at least try and untaint email addresses.
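An added example of the untainting the post is asking for (it is not Movable Type's code, nor the code sent to Ben): under -T the to and from parameters have to pass through a regex capture before they can be handed to sendmail, and the environment has to be cleaned before any external program runs. It assumes CGI.pm and a sendmail binary at /usr/sbin/sendmail.

```perl
#!/usr/bin/perl -T
# Added example, not Movable Type's code nor the patch mentioned in the
# post: untaint the "to" and "from" parameters before anything reaches
# sendmail. Under -T, request data is tainted and Perl refuses to use it
# in a piped open or system() until it has passed through a regex capture.
use strict;
use warnings;
use CGI;

my $SENDMAIL = '/usr/sbin/sendmail';   # assumed location

# Deliberately conservative address shape. It rejects some RFC-valid
# addresses; the point is that nothing reaching sendmail can carry shell
# metacharacters, whitespace, newlines (header injection) or a leading
# "-" (which sendmail would parse as a command-line option).
my $ADDR_RE = qr{
    ^(
        [A-Za-z0-9][A-Za-z0-9._+-]{0,63}                    # local part
        \@
        (?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+  # labels
        [A-Za-z]{2,24}                                      # TLD
    )$
}x;

# Returns the untainted address, or undef if it does not pass.
sub untaint_address {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= 254;
    my ($clean) = $raw =~ $ADDR_RE;   # the capture is what clears the taint
    return $clean;
}

my $q    = CGI->new;
my $to   = untaint_address($q->param('to'));
my $from = untaint_address($q->param('from'));

unless (defined $to && defined $from) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Refusing to send: bad recipient or sender address.\n";
    exit 0;
}

# -T also refuses to run external programs while the environment is
# tainted, so fix PATH and drop the variables a shell would honour.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# List-form piped open: arguments go straight to execve(), no shell.
# -t takes the recipient from the headers, -oi keeps a lone "." from
# ending the message early.
open(my $mail, '|-', $SENDMAIL, '-oi', '-t', '-f', $from)
    or die "cannot run sendmail: $!";
print $mail "From: $from\nTo: $to\nSubject: entry\n\n", "(body goes here)\n";
close $mail or die "sendmail exited with status ", $? >> 8, "\n";
```

The regex is intentionally stricter than the address grammar; anything that does not fit it is refused rather than passed along, which is the trade-off the post describes.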