Checksum Arcanius

The more I learn about the Unix security system, the more amazed I am with how well it accomplishes so many taks while remaining very lightweight with just 12 bits of permissions per file. With my newfound better understanding of the setuid and setgid bits, specifically at how they behave differently when applied to directories and files, I am now starting to think I have a pretty good grasp of how the Unix security scheme works, and how to make it both high security and highly usable. User Private Groups is in my view the best way to set up a user-friendly filesystem that allows for higher-than-average security and higher-than-average usability for webmasters.

The website of the Titan Robotics Club uses the ColdFusion Meta Language (CFML) to generate and display its dynamic content. I posted earlier about how ColdFusion was an easy language to learn, and that it seemed semantically powerful, able to accomplish a lot in not too many lines of code. While that is still true, there seems to be a dark side to the ColdFusion story or at least that of our current host, readyhosting.com. It seems that of the server’s stability leaves something to be desired, especially on start-up. For example, if you are te first person to visit the site after some period of time and (at least this is what I speculate happens) the ColdFusion interpreter has shut down, you are greeted by a hideous page with SQL statements and unprocessed cfoutput statements, which is hopelessly ugly. Occasionally when just reloading the home page, you will witness the same phenomenon. Needless to say, we can only hope this doesn’t happen when a judge is around. So, to hopefully minimize the chance of this happening, I created a shell script that, every 30 seconds, reloads the home page, and logs whether it recieved a “big” (correct) or a “small” (incorrect) version of the page. This way, the command interpreter should remain active (hopefully) and I’ll get statistics on how often the page loads incorrectly, even after a “hot” start. Nothing like hard data with which to confront your host (or should it be Macromedia?) .
Read the rest of this entry »

The internet went down today. More precisely, my internet went down today, but thats pretty much the same thing. After my counterstrike game froze, and then web pages started timing out on another computer, and I could no longer contact my router, I knew something was up, so I sauntered on down to look at my WRT54G, a wonderful peice of equipment by Linksys that has served me very well. It looked like a scene from a bad sci-fi movie. The lights on the front were blinking randomly, and a red LED marked “Diag” flashed ominously. Except for beeping sounds, and the camera zooming in on the LED (although my eyes did a fairly good representation of this, if I can say so myself), all the bad sci-fi movie elements were there…

Anyway, after I pulled the plug to restart the router, adjusted the antenae jsut so, and returned to my laptop, things still weren’t working quite right. Its then that I noticed a new wireless network, called “linksys” with good signal quality. Wait a second…

Indeed, the WRT54G bit it hard. This was no soft reset, but hardcore no recovery, all-settings-lost, start-over-from-scratch reset.

In other news, the Sonics won, and Firefox remembers form information, so setting up the same port redirects that I had before was remarkably easy.

The usual experience when submitting forms and recieving errors, is that one can click “Back” (or, as I most often do, hit my backspace key), and the just-submitted form will still have the info you just submitted entered in, so all you have to do is change the offending field, and resubmit. Take, for example, my comment spam protection idea – now implemented by several people. If a real human forgets to check the “I am human” checkbox, they see a rather blank looking page with the text “Error: You are inhuman scum!”

“How dare you insult me, Arcanius!” They wonder aloud, as they click back (or if they are cool, like me, they use their backspace key), to figure out why I am insulting them. But then – gasp – the 15 page comment they meticulously crafted in the small textarea box is gone – apparently forever.

I have lost more than one comment this way to wordpress. The question is, where does it go? Its not just a Firefox thing – IE looses the comment too. I suspect that it is related to the die() command, but I have no idea why. Or perhaps someone more skilled than I am in the behavior of WordPress, or Web Forms, or something or another, can inform me as to what is really going on here.

Tim and I recently committed ourselves to revamping the wonderful but aging website of the Titan Robotics Club. The site won last year’s “Best Website” award at the Pacific Northwest Regional, and with good reason. Pedro, the webmaster of over two years, spun up a nice looking, feature-rich website. Sure, there’s a mondo security hole (I’ll disclose the nature of it later, when the site is no longer running), and there were a few incomplete or dubiously useful features, but the big things were all there an worked wel, and the site has been great so far.

However, a revamp is in order. So when Tim agreed to work on I site, I was overjoyed, and I, being the dolt I am, of course decided to pitch in as well. It was at this point that I remembered how long its been since I did any database-driven website design. When I started thinking about it again, I began to remember how hard it is to get the right balance of functionality and flexibility. I was struck by how amazing Pedro was for the websites he created. You can read the archives of (or even subscribe to) the TRC-web mailing list for more updates, although I will probably post more here as things get moving as well.

Ever since I read the article Cool URLs don’t change, I have wanted to try out extension-free URLs. However, the few times I attempted, my .var files, as outlined in Apache’s online documentation on the subject, didn’t seem to be working very well. So I finally read further down that page and came across an alternate method of achieving the same ends: Options MultiViews. I quickly wrote myself up a .htaccess file, and voila: you can access files without their extensions now, like http://arcanius.silverfir.net/wp/index. Apache automatically searches for matching files and serves the best one it finds.

The reason behind doing something like this is that, for example, one can change server technologies (although I’m not about to switch from PHP), without changing URLs. For example, the above link would point equally well to index.html, index.php, index.asp, index.jsp, index.InsertServerTechnologyHere, etc. Likewise, one can use a similar methods to automatically switch between image technologies, because checksum-arcanius-banner points equally well to a .png (which it is) or a .gif, or a .jpg, or any new image technology that might come along.

So, MultiViews is a good thing, in my View. Oh my goodness I’m hilarious!

From adot’s notblog via Bernie Zimmermann, I learned that Adobe had released Acrobat Reader 7. And everyone’s biggest complaint has been adressed: it is much faster. No longer do you have to dread accidentally clicking a pdf link. It was so bad with version 6 for me that I disabled the plugin version, so I wouldn’t have to face the frozen browser syndrome while the acrobat reader of death opened up. Now, I might switch back – its hard to tell, as I’ve gotten used to saving the things, or having more of my screen to see them with. But at least Adobe Acrobat Reader 7 is fast enough to make the decision possible again.

Anyway, to make it easy for you, here is a link to just acrobat reader, with no extra installtion junk attached (like Yahoo companion, etc).