Posted in osx
Sat, 12 Aug 2006 19:05:00 GMT
Let's face it, testing a website with OS-X's Safari browser can be difficult if a Mac doesn't happen to be available. Many developers only have non-Apple Intel-based hardware and run both Linux and Windows which allows for testing of Firefox and IE. Unfortunately this doesn't work for Safari because:
Read more...
3 comments
Posted in typo
Fri, 11 Aug 2006 18:37:00 GMT
Now that this site runs both MediaWiki and Typo, I need to decide what to post where. Unfortunately I want to continue running both because they each have their advantages, but ideally I could just run one, at least externally facing. These are some of the features I like in MediaWiki and Typo that make it hard to choose one over the other for all my posts. As a disclaimer, this is a personal wiki so I won't be discussing multiple users. The lists below give the pros for each; if a feature is listed, it means the other one doesn't have it ;)
Read more...
4 comments
Posted in dreamhost, svk
Fri, 11 Aug 2006 01:50:00 GMT
I just posted my Installing SVK on Dreamhost notes on the wiki. I wasn't able to find any information on installing SVK, or Subversion with its Perl bindings for that matter, on Dreamhost so I took the time to work through it and document it (mostly because I believe SVK is essential to running a modded Typo). The end result looks pretty straightforward but it was a reasonably time-consuming process to backtrack all the errors, nail them down and find out if they were worth worrying about. In the end, the test failures weren't important but I wasn't willing to trust the SVK/SVN install without knowing for sure.
I was eager to get SVK up and running because it seems to be the popular way to keep one's private changes in sync with a public repo. This is especially important for my Typo install as I have numerous Typo mods that I want automatically merged with new versions of Typo. Just recently we've had Typo 4.0.0, 4.0.1 and 4.0.2. I've been reluctant to make so many changes due to the manual merging I do now. Edge Typo and SVK, here I come!
Apparently Site5 doesn't come with SVK either so you can try to use this there. TextDrive, however, does come with SVK pre-installed.
no comments
Posted in rails, security
Thu, 10 Aug 2006 17:20:00 GMT
A couple of people have blogged about their use of the "elite hacking tool diff -r" to identify the problem solved by the Rails 1.1.5 Mandatory Mystery Patch. The problem is that Rails accepted LOAD_PATH as an HTTP request header with any file upload, so a hacker could upload Ruby controllers and then execute them by accessing the newly exposed URIs. This is discussed by Kristian Köhntopp and Evan Weaver.
Read more...
3 comments
Posted in rails, security
Thu, 10 Aug 2006 15:37:00 GMT
People are reporting a Rails 1.1.5 routing vulnerability where accessing certain URIs will crash Rails. The problem has been reported on Mongrel, WEBrick and FastCGI. Piers Cawley is working on an explicit routes fix for Typo and discusses the issue on his blog. This has not been mentioned on the RoR blog yet. Good thing for public forums.
Read more...
no comments
Posted in typo, rails, security
Thu, 10 Aug 2006 06:14:00 GMT
It was recently announced that Rails 1.1.0, 1.1.1, 1.1.2, and 1.1.4 have a very serious security hole. Although the RoR blog hasn't discussed exactly what the hole is, it has been rumored to involve uploading of .rb files to execute arbitrary code on the server (UPDATE: now confirmed). Typo only allows file uploads by administrators so certain applications may be somewhat safer. (UPDATE: Running arbitrary code was fixed in 1.1.5; however, you could still crash it. 1.1.6 has been released to fix these lingering bugs. Just change 1.1.5 to 1.1.6 below.)
Read more...
no comments
Posted in firefox
Wed, 09 Aug 2006 10:16:00 GMT
It seems that Firefox's basic XML parser gets confused by xmlns and namespacing. Specifically, if the feed is defined by:
<feed xmlns="http://www.w3.org/2005/Atom"
xmlns:default="http://www.w3.org/1999/xhtml"
xmlns:dc="http://purl.org/dc/elements/1.1/">
Firefox's basic XML tree renderer won't recognize the XML if the entry content is wrapped by:
<content type="xhtml">
<div xmlns="http://www.w3.org/1999/xhtml">
<p>Show submenus depending on where your users are.</p>
</div>
</content>
Basically it confuses xhtml:div with atom:div. If xmlns is removed from the div, Firefox is fine.
People don't generally use Firefox's XML tree to read Atom and the W3C Feed Validator doesn't have a problem with it so I'm wondering if this bug exists anywhere else.
This shows up when using XML::Atom because it uses XML::LibXML, which explicitly adds xmlns everywhere.
UPDATE 1: I thought it would be useful to include the following:
The Atom spec (section 4.1.3.3 Processing Model) says:
If the value of "type" is "xhtml", the content of atom:content MUST be a single XHTML div element [XHTML] and SHOULD be suitable for handling as XHTML. The XHTML div element itself MUST NOT be considered part of the content.
UPDATE 2: Apparently this behavior may be by design. Not very useful IMO but perhaps intentional. I think it would be more useful to have some Firefox settings that let you switch to XML tree mode or apply a default stylesheet.
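The namespace resolution behind this, as an added example that is not part of the original post: a namespace-aware parser (Python's ElementTree here) resolves the div as written to the XHTML namespace, while the same div with xmlns removed inherits the feed's default Atom namespace and no longer meets the section 4.1.3.3 requirement. The `<entry>` wrapper and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
XHTML = "http://www.w3.org/1999/xhtml"

# Constructed sample: the feed root and content block are the ones quoted
# above; the <entry> wrapper is added so the document is complete.
FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:default="http://www.w3.org/1999/xhtml"
      xmlns:dc="http://purl.org/dc/elements/1.1/">
  <entry>
    <content type="xhtml">
      <div xmlns="http://www.w3.org/1999/xhtml">
        <p>Show submenus depending on where your users are.</p>
      </div>
    </content>
  </entry>
</feed>"""

# The same feed with the xmlns attribute stripped from the div.
FEED_NO_XMLNS = FEED.replace('<div xmlns="%s">' % XHTML, "<div>")


def content_child_names(feed_xml):
    """Return the expanded {namespace}local name of every atom:content child."""
    root = ET.fromstring(feed_xml)
    return [child.tag
            for content in root.iter("{%s}content" % ATOM)
            for child in content]


def xhtml_payload(feed_xml):
    """Apply section 4.1.3.3: require a single XHTML div inside atom:content
    and return its child elements, leaving out the div wrapper itself."""
    root = ET.fromstring(feed_xml)
    content = root.find(".//{%s}content[@type='xhtml']" % ATOM)
    if content is None:
        raise ValueError("no atom:content with type='xhtml'")
    children = list(content)
    if len(children) != 1 or children[0].tag != "{%s}div" % XHTML:
        raise ValueError("atom:content must hold exactly one XHTML div")
    return list(children[0])


if __name__ == "__main__":
    print(content_child_names(FEED))           # div in the XHTML namespace
    print(content_child_names(FEED_NO_XMLNS))  # div in the Atom namespace
    print([(e.tag, e.text) for e in xhtml_payload(FEED)])
```
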
7 comments
Posted in catalyst, plagger
Thu, 03 Aug 2006 15:28:00 GMT
I just set up Planet Catalyst at http://planet.catalystframework.org to aggregate blogs about the Catalyst MVC framework. It is also linked from the main Catalyst homepage and Planet Perl so you can reach it from there. The planet is focused on articles related to Catalyst and friends which means it filters articles on catalyst, dbic, dbix(::|-)?class or html(::|-)?widget, h::w or handel (case insensitive). Let me know if there are any other topics of interest that should be included.
Planet Catalyst is powered by Plagger, a Perl-based RSS/Atom feed aggregator. Thanks to Tatsuhiko Miyagawa for writing Plagger and answering my questions on the #plagger FreeNode IRC channel. It was very easy to add filtering on keywords by specifying a rule in the config file.
If you have questions or would like a blog added, send email to the catalyst-dev mailing list, comment on this article or ask on #catalyst / #catalyst-dev perl.org IRC channels.
no comments
Posted in typo
Wed, 02 Aug 2006 23:32:00 GMT
I finally got around to upgrading Typo here to the latest trunk. At first I was waiting to upgrade to 4.0.0 (officially r1161) but decided to move to SVN after hearing about some post-r1161 bugfixes and it seems like a fairly common practice to run off SVN, at least for Typo. I've hacked a few changes onto 2.6.0 and had to manually merge the mods to r1181. Merging one's own mods to the trunk was discussed today on the Typo mailing list under the heading "Version Controling Modifications" and most of the respondents have their own mods and use Chia-Liang Kao's SVK to keep their mods synced with the trunk. Scott Laird has a number of articles on using SVK with Typo's repo. Seems like running off of the trunk with SVK may be a best practice for Typo installations.
Hopefully I'll be on SVK for my next upgrade since I had to manually update the following files this time around:
- app/controllers/articles_controller.rb
- app/helpers/application_helper.rb
- app/helpers/articles_helper.rb
- app/views/articles/_article.rhtml
- app/views/articles/_articles_toc.rhtml
- app/views/articles/index.rhtml
- app/views/articles/read.rhtml
- components/plugins/sidebars/category/content.rhtml
- components/plugins/sidebars/xml/content.rhtml
- config/routes.rb
- themes/azure/layouts/default.rhtml
I've moved all my Azure theme changes to a custom theme so the changes are easier to keep track of and don't interfere with the base Azure theme.
I've updated my Installing Typo article to cover SVN checkout, Feedburner customization and rake migrate. The Typo TOC How-to has also been updated for 4.0.0.
While code diving, I was happy to see lots of refactoring though the code is still pretty easy to follow and modify. Hopefully soon I'll be back to hacking more enhancements. I'm particularly interested in extending the sidebar functionality so groups of plugins can be positioned in multiple locations on the page, e.g. a 3-col layout.
Upgrade Gotchas
UPDATE: this section on Feed URIs seems to be inaccurate because I chose to use my old 2.6.0 routes.rb file. I didn't think the feed URIs would change. New approach: don't assume anything has stayed the same and move to svk.
- Feed URIs: Typo 4.0.0 changes the feed URIs from 2.6.0 so if you have these URIs registered somewhere, e.g. Feedburner or LiveJournal, you'll need to update your URIs. The new URI styles are:
  - http://www.dev411.com/blog/xml/feed/feed.xml?type=feed&format=atom
  - http://www.dev411.com/blog/xml/feed/feed.xml?type=feed&format=rss20
  For comparison, the 2.6.0 style is:
  - http://www.dev411.com/blog/xml/rss/feed.xml
  Every time this URI changes I need to file a support ticket at LiveJournal whereas on Feedburner I can change the URI myself. I've been wondering if I should just have LiveJournal use the Feedburner URI ;)
- Categories sidebar no longer alphabetized: My categories list was no longer alphabetized so I edited the components/plugins/sidebars/category/content.rhtml page from:
<% for category in @categories -%>
to
<% for category in @categories.sort {|a,b| a.name <=> b.name} -%>
- config no longer used in ArticlesController: If you used config, the code needs to be changed like this example:
config[:blog_name]
to
this_blog.blog_name
2 comments
Posted in dreamhost
Tue, 01 Aug 2006 08:56:00 GMT
If you are hosting at Dreamhost, you are better off letting Dreamhost host the DNS for your domain as well. This is because Dreamhost can change the IP of your server without notifying you. They will update their own DNS servers when this happens but this won't help you if your DNS is being hosted elsewhere. Use their nameservers and you should be all set.
Sometimes when the DNS is pointing to the incorrect IP, you'll see the following error:
Site Temporarily Unavailable
We apologize for the inconvenience. Please contact the webmaster/ tech support immediately to have them rectify this.
error id: "bad_httpd_conf"
1 comment