Python and comma

The problem - there was a tuple:
t = ("abc", "def")
Somwhere inside the program was an instruction:
something = t[0]
and then
returned "abc".

Some time later it turned out that "def" was not necessary
in t so was modified:
t = ("abc")
and sowhere inside the program instruction
something = t[0]
made that something returned "a".

It was Bad.

Why that happened?

Beacuse t was not a tuple anymore, it became a string. Instruction t[0] returns first item in iterable so it returned "a" for us.

What was ommited?

A coma.

After the change it was (bad):
t = ("abc")
instead (good):
t = ("abc",)

The coma creates a tuple. In our case consisting of one item, but still the tuple.


Comments for not logged in users activated

Comments for not logged in users activated on site http://places-to-visit.info.

Comments are welcome.

This article The Myth of Login was an impulse to rethink our design decision. Thanks.


Security hole - text buffer, middle mouse button, Firefox

The scenario:
  1. The User has opened window of the Firefox.
  2. The User selects some text on the terminal window by draggin mouse cursor with left mouse button pressed.
  3. The User inserts selected text into it's intended location using mouse middle button.
  4. The User does a lot of other things. And some time later.
  5. The User presses mouse middle button over opened Firefox window.
  6. Firefox tries to load web page using text pasted in step 5.
What have we got? An unintentional and, maybe, serious information disclosure.

In my case in the text buffer was ip address of host from which somebody did something not friendly on one of my pages. I've pasted (intentionally, of course) this ip address as parameter for some command line tools. And forgot about the text buffer with ip address inside.
Some time later I've pressed mouse middle button while having mouse cursor over Firefox window. Firefox started loading web page from offending ip address.

What information was disclosed?
  • the fact that I've read logs on the server and found interesting actions and ip address connected with them
  • the fact that I've done something with this address
  • most important, my own ip address
One can imagine more dangerous scenarios.

It's a word of caution, mostly for myself.

Update: to switch off Firefox behavior described in 6.: on page about:config set value middlemouse.LoadContentURL to false and restart browser.