advogato 33-2000-05-08-00-00

I was attacked by a bunch of foreigners today and forced to internationalize debconf. Thanks, guys. :-)

Posted
advogato 34-2000-05-10-00-00

I've been preparing for a talk at SacLug tomorrow and exploring the wondrous WikiWikiWeb. Wiki is what I've always wished the web was: content-driven, massively hyperlinked. Great fun.

The temptation to write my own Wiki is strong. I'd like to convert my whole homepage and website into a wiki, and if I wrote my own I could add several features I'd like to have, that have to really be designed in from the beginning.

It's probably a bad idea though. I don't really grok the WikiEssence yet.

Posted
advogato 35-2000-05-12-00-00

I see Shaleh has finally found advogato. Hey!

Shaleh and I enjoyed giving a debian talk in Sacramento yesterday. Today, I attended the local FreeBSD LUG; they were doing a discussion of FreeBSD and Linux and what differences really exist between the two (not the ancient "foo has better networking" stuff, real differences of today). It was a very interesting and flame-free discussion. I see Shaleh has posted an article about it.

I discovered multiple holes in the debian website today, only exploitable by debian developers though, mostly via client-side-scripting methods. It's being fixed as I type, but web security is such a PITA. Oh, and I just found a home in advogato, which I will be mailing raph about.

Posted
advogato 36-2000-05-13-00-00

I got my Vaio's hibernation working again - yay! Seems it was a victim of "I wonder what this file does -- let's delete it and find out" syndrome. Luckily fixing this was easy.

On the other hand, I now have a 128 mb file in /dos that contains the full contents of memory as of last hibernation. So I'll have to repartition fairly soon anyway to move that to someplace a little less visible.

I spent most of today writing HTML::Sanitizer, a perl module to sanitize untrusted html code by removing all tags except a set you specify, and all tag attributes except sets you specify.

It also removes all traces of javascript. This is surprisingly hard -- not only can javascript lurk inside <script> tags, but there are html javascript entities, and even a way to embed javascript inside any tag attribute that is used as a URL. I regard embedding such a major source of security holes into the html spec in such a myriad of ways as very irresponsible -- and I wonder what other stupid html extensions out there I should make my code deal with.

I wrote this because I needed it for a web site I am designing and I could find no equivalent library for perl. Of course numerous sites like advogato and slashdot address these problems with ahem varying degrees of success, but doing it in an independent library seems like a better solution. If anyone knows of any other code that deals with this problem, preferably general-purpose code in a library, I'd really like to examine it.

Posted
advogato 37-2000-05-16-00-00

This weekend I did a lot of hacking on my WikiClone. It's approaching usability, and the cvs backend is working great. I spent some time trying out other WikiClones for ideas; I seem to have all of them beat in the WayBackMode department. Next I am going to add either tagging or (possibly) branching support. I think branching probably detracts from the WikiEssence though.

My wiki is currently about 120 lines of code, plus another 200 lines in plugins. It seems that most wiki implementations are basically small.

This got me thinking about what a small change a wiki is over the regular web. We were so close back in 1994 -- and it slipped away and turned into the general mess (advogato notwithstanding) the web is today.

'Scuse the periodic I-Hate-The-Web drivel...

I was fairly productive today, got a lot of support utilities written for i18n of packages that use debconf, and a fair amount of bugfixing done.

I am fed up with people who pop up on some Debian list with a gripe about the GPL. Why does Debian attract these boring discussions? Mail RMS -- sheesh.

Posted
advogato 38-2000-05-17-00-00

I spent some time this evening researching cookies. I found interesting things like this ancient security hole in netscape and IE, that lets two web sites on unrelated domains both see the same cookie. This was discovered in late 1998 and is still not fixed in netscape.

Or, take the cookie RFC itself, and perl's CGI::Cookie module, which claims to follow RFC 2109 but violates it in (at least) 4 different ways. Of course, I doubt this matters, since netscape has not been updated to support RFC 2109 at all anyway.

Sigh. Rant Rant Rant.

Posted
advogato 39-2000-05-28-00-00

If anyone knows where a Palm V (or Vx) can actually be bought in the next 2 weeks, please tell me. I am buying one as a graduation present, and I've waited too long. It seems there is a terminal shortage of Palm V's, and the 30 or so places I have checked all have them on backorder. Not being a Palm user, I have no idea why.

I did a lot of shopping today, including finding a carrying case for my laptop. It's not really a laptop case, just a small leather case you'd put a small (paper) notebook and other business-type stuff in. It's a perfect fit though. I'm glad I was able to find a case so easily: I had thought it might be rather tough, as my laptop is rather small. :-)

Nothing much of interest has been happening lately.

Posted
advogato 40-2000-05-29-00-00

Still trying unsuccessfully to find a Palm 5. I wasn't willing to pay $80 over the list price on ebay, or I could have had one.

I spent some time today trying to get a handle on what security fixes have been going into debian lately, and why nobody has bothered to issue security fixes. Argh.

Seth, thanks for reminding me about Deep Breakfast. I'd forgotten I even owned it, and am enjoying it all over again. My musical tastes have been really slow to develop (or I've just had a really hard time finding music I like), but I've always enjoyed this album. I should buy it on CD, I'm sure that'd be much improved.

Posted
advogato 41-2000-05-30-00-00

Running around like crazy trying to prepare for my trip, and simultaneously publish Debian Weekly News.

Sean Perry, you rock. If anyone else has been unsuccessfully looking for a Palm V[x], check out the chain of stores called Franklin Covey.

I seem to have managed to annoy Wichert. That's a first.

Posted