Back to Top

Thursday, January 04, 2007

Mixed links and commentary

The Perl Golf contest has ended and I have to admit I don't even understand the winning entry so I couldn't have written it. To my defense: I've been only programming in Perl ~6 months, so I can't expect to be a guru. On the flip side: I can't even get the winning program to run. If I create a .pl file, the interpreter complains that it has syntax errors. If I run it from the command line (like perl -pl s!.!y$IVCXL426... it doesn't do anything. I've written to the organizers for help and I'll post here any explanation I receive / discover. Maybe even a full analysis of the program. (Yeah, right, like I'm able to understand it)

The www4mail service I've written about earlier doesn't seem to work, as I got a Delivery Status Notification (Delay) back. However the other address mentioned works (as I said it has a delay of ~10 minutes).

Are Blogs the new Forums? - in some way yes. I think were many forums failed were the incredibly long registration pages (if you've been through a phpBB registration, you know what I'm talking about: the long line of options you don't change because you don't care or don't understand - you're only wish is to post an answer or a reply and here comes this long page you have to fill out, or even worse - wait for a confirmation e-mail). Newer forum software like Vanilla are much better at this. Vanilla also uses javascript in a sensible manner to speed things up (however it still works very well with no javascrip) and has a mechanism for plugins other than edit this and that file (known from phpBB). It also has hopefully less exploits. Returning to the original question: one major improvement would be if all the blogs were to offer the option to subscribe to the comments via e-mail (because I won't add yet an other feed to my reader just to see if the owner replied). Unless this feature is added, the blog will remain a restricted social medium. There is also the problem of trackbacks.

There is a dangerous vulnerability in the plugin part of Adobe Reader (the part which makes it possible to view PDF files inside of your browser), which makes arbitrary XSS possible: SANS, PHP Security Blog. One more reason to use FoxIt Reader if you're on Windows (it's free and it's as fast as the old Acrobat Reader 4.0, but without all those vulnerabilities). If you are a site owner hosting PDF files and you don't want to become a target or means to attack, make sure that your clients are forced to download the file. Add this to your Apache configuration (taken from the comments at PHP Security Blog, didn't try it myself):

SetEnvIf Request_URI "\.pdf$" requested_pdf=pdf
Header add Content-Disposition "Attachment" env=requested_pdf

Running as limited user under windows receives much less attention than it deserves. Here is a rather old PCMag article. I have to say that I use a limited user account daily and didn't run into major problems. Also here is a list from Microsoft with programs that have problems with limited accounts. It too is also rather dated and curiously most of the programs seem to be games.

Some scary stuff from the DailyWTF. Funny, but scary.

Google Reader added a statistics feature where you can see how much time you wasted (I mean spent :)) reading your feeds. Very nice.

Three cool links via Ajaxian: Fooplot - function plotting with Javascript - cross browser compatible!, a bookmarking system and the JSON vs XML debate.

Google remove the tips Blake Ross complained about (with good reason I might add)

The Road to Enlightenment is Littered with Irritating, Superfluous Parentheses. Favorite quote:

I continue to be struck by the harsh reality of the often-asserted, but seldom-accepted, truth that most of the great work in software was indeed done very early on, with virtually no further fundamental progress having been made during the past couple of decades.

because it is so true.

DomainTools - very useful, like DNS Stuff

The Superhero personality quiz - looks fun, have to try it

1 comment:

  1. regarding comment feed subscription - have you tried out comment aggregation services like that's what i use to keep track of the comments on posts i've commented on... it even has a feed for showing updates to the 'conversations' it's tracking for you... it doesn't work for 100% of all blog platforms out there but certainly for a great deal of them...