2007/10/13

Python and comma

The problem: there was a tuple:
t = ("abc", "def")
Somewhere inside the program was the instruction:
something = t[0]
and then
something
returned "abc".



Some time later it turned out that "def" was not necessary
in t, so t was modified:
t = ("abc")
and somewhere inside the program the instruction
something = t[0]
now made something return "a".

It was Bad.

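Why did that happen?

Because t was not a tuple anymore; it had become a string. Parentheses around a single value only group it. The instruction t[0] returns the first item of a sequence, and the first item of the string "abc" is the character "a".

What was omitted?

A comma.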

After the change it was (bad):
t = ("abc")
instead of (good):
t = ("abc",)

The comma creates a tuple. In our case it consists of one item, but it is still a tuple.
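The same mistake shown end to end, as an added example that is not part of the original post. It reproduces the t[0] result, goes one step beyond the post by showing that a membership test on the string silently becomes a substring search, and adds a guard that rejects a bare string; the names as_str_tuple, first_item and is_member are hypothetical.

```python
# Added example; as_str_tuple, first_item and is_member are hypothetical names.

def as_str_tuple(value, name="value"):
    """Return value as a tuple of strings, rejecting a bare string.

    A str is itself a sequence of one-character strings, so code written
    for a tuple keeps running on it, only with different results.
    """
    if isinstance(value, (str, bytes)):
        raise TypeError(
            f"{name} must be a tuple or list of strings, got a bare "
            f"{type(value).__name__}: {value!r} (missing trailing comma?)"
        )
    items = tuple(value)
    for item in items:
        if not isinstance(item, str):
            raise TypeError(f"{name} contains a non-string item: {item!r}")
    return items


def first_item(seq):
    """The lookup from the post: t[0]."""
    return seq[0]


def is_member(item, seq):
    """Membership test; on a str this is a substring search."""
    return item in seq


good = ("abc",)  # one-element tuple
bad = ("abc")    # just the string "abc" inside grouping parentheses

if __name__ == "__main__":
    print(type(good).__name__, first_item(good))
    print(type(bad).__name__, first_item(bad))
    # "b" is not an item of the tuple, but it is a substring of "abc".
    print(is_member("b", good), is_member("b", bad))
    try:
        as_str_tuple(bad, "t")
    except TypeError as exc:
        print("rejected:", exc)
    print(as_str_tuple(good, "t"))
```

Calling the guard once where t is defined or loaded turns the silent change of behaviour into an immediate TypeError.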

2007/10/07

Comments for not logged in users activated

Comments for not logged in users activated on site http://places-to-visit.info.

Comments are welcome.

The article "The Myth of Login" was the impulse to rethink our design decision. Thanks.

2007/10/03

Security hole - text buffer, middle mouse button, Firefox

The scenario:
  1. The User has a Firefox window open.
  2. The User selects some text in a terminal window by dragging the mouse cursor with the left mouse button pressed.
  3. The User inserts the selected text into its intended location using the middle mouse button.
  4. The User does a lot of other things. And some time later:
  5. The User presses the middle mouse button over the open Firefox window.
  6. Firefox tries to load a web page using the text pasted in step 5.
What have we got? An unintentional and, maybe, serious information disclosure.

In my case the text buffer held the IP address of a host from which somebody did something unfriendly on one of my pages. I pasted (intentionally, of course) this IP address as a parameter for some command-line tools. And forgot about the text buffer with the IP address inside.
Some time later I pressed the middle mouse button while the mouse cursor was over the Firefox window. Firefox started loading a web page from the offending IP address.

What information was disclosed?
  • the fact that I had read the logs on the server and found interesting actions and the IP address connected with them
  • the fact that I had done something with this address
  • most important, my own IP address
One can imagine more dangerous scenarios.

It's a word of caution, mostly for myself.

Update: to switch off the Firefox behavior described in step 6, open the about:config page, set the value middlemouse.LoadContentURL to false and restart the browser.

2007/09/30

Does a cat need a bottle cork?

Under the entry "Stało się. Mamy kolejnego mieszkańca." [It happened. We've got another resident.], ÆrionÆteb asked the question "A po co mu ten korek? :P" [What use is this bottle cork for him?].

The question seems important, so I'll try to answer it.

First answer:

1. A cat without the bottle cork. You can feel his claws. Now hidden, but ... .

2. Bottle cork arrives.

3. The difference. And the answer.

Second answer:
Ask not what the bottle cork is for a cat - ask what it is for you if your fingers' integrity is at stake.

Venice curiosities - part two

Venice curiosities - part two was added to the site http://places-to-visit.info.

2007/09/26

And Now for Something Completely Different

Our new resident. He was found yesterday.

He was taken to a vet, some drugs were administered, he was fed and most fleas were removed.

He is constantly changing his colour from dirty gray to ... have a look yourself.



2007/09/16

Venice curiosities - part one

Venice curiosities - part one added to the http://places-to-visit.info/ site.

A few thumbnails:









My assistant

I've got an assistant.

Now, when I'm writing this, he sleeps under the blanket. There is a bulge where he is covered.
The bulge moves slowly to the rhythm of his breathing. He is able to sleep 22 hours per day, every day.

Pictures of him:






He is called Melek.

I'm not sure anymore if I (we) owe him, or the opposite.

Comments added to http://places-to-visit.info/

Comments for places added to http://places-to-visit.info/ site.

2007/09/09