Programming


SQL injections are something you have to worry about with every web application you build. As I am right now building a new website (going to be my first Ruby on Rails project) this article on unixwiz came up at just the right time: SQL Injection Attacks by Example

Right now I am planning a small fun project using VNC and thus was looking for a vnc server implemented in perl. I did know that there is a vnc client implementation with Net::VNC (which has never turned out to work for me), but I could not find a module that creates a vnc server. A quick google search revealed perlvnc, a vnc server implementation as a perl module built by someone in Israel (unfortunately there is no imprint on the webpage or any author information in the files). The download contains three perl modules and two example files: one creates a small window and changes some colors when you click into it (this does not work on my machine) and the other one simulates the Game of Life in a vnc window.
The project is to be considered alpha and has a long list of planned improvements but it looks very good.


Thinkgeek Gadget for Google

For a long time Google has been offering so-called gadgets that you could put on your personalised homepage. Thanks to the gadgets you get the weather report, google video, digg news or a calendar to your homepage. Not so long ago Google published a new feature: now it is even possible to put those gadgets on your real homepage.

Of course there are lots of official and even more unofficial gadgets in the directory, but you know what is missing? A gadget for Thinkgeek, the ultimate gadget store (to be exact: there are rss-feeds for thinkgeek you can add to your google homepage, but not real gadgets). So why not create one?

The Google API pages offer extended information on how to build a gadget. The main part of every gadget is a small xml definition of the gadget's properties, requirements and perhaps code. The recommended way of filling the gadget is by putting html and javascript directly into this xml file. Unfortunately I was unable to build my gadget that way because I always got a javascript error in the google code. As always the Google code is badly scrambled so I didn’t spend much time looking for the error. (Anyways, if anyone finds a solution to “ig_a[ig_g] is not a function” - send me a mail)

Another way to build a gadget is by simply specifying a url that contains the gadget content. After javascript didn’t work I went to build a simple perl script that parses the thinkgeek rss and generates an html output. This worked fine and the gadget now displays a random thinkgeek product on every load.

If you want to give it a try, click here: Add to Google

This is not really news, but I just rediscovered this: The ultimate regular expression for email address validation. As far as I know this more than 6k masterpiece was originally published in “Mastering Regular Expressions“: Code at Text*Snippets

Since yesterday I’m a proud owner of a t-mobile sidekick II (also known as Danger Hiptop). I used to work with the previous model some years ago and was quite happy with it, so the second model was a logical choice.

Now I didn’t want to forward all my mails to the sidekick or fetch them via pop or imap (imap support on the sidekick is crap - it treats imap like pop and just fetches all mails, not syncing). A webmail client with pda interface was a logical choice and hastymail is such a solution: hastymail needs a simple webserver with php, ssl and imap support enabled and will then act as an imap client with web interface. Mobile clients like blackberry, sidekick etc. are automagically detected and get a simple small interface. It looked like the perfect solution and was installed in a matter of minutes.

Unfortunately logging in didn’t work at all from the sidekick. Each login attempt was answered with the message “There was a problem with your login, please try again”. From a regular pc everything worked fine. An in-depth look at the code brought a solution: for security reasons hastymail will identify the user with a combination of his ip-address and his user-agent. That’s a great idea unless you are accessing the web via a proxy-server pool - like all sidekick users do. If you can afford a slight security trade-off you can modify hastymail so that only the user-agent matters for identification:

In “lib/session.php” change line 151 to look like this:

$_SESSION['user_id'] = $_SERVER['HTTP_USER_AGENT'];

And change line 360 as follows:

$_SESSION['user_id'] != $_SERVER['HTTP_USER_AGENT']) {

This should do the trick and hastymail will now work fine from the sidekick.
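
To see what that trade-off looks like, here is an added example (not hastymail's code and not part of the original post) that runs the same session check with and without the IP address over three constructed requests. The function names, the sample user-agent, the addresses and the way IP and user-agent are joined are all assumptions made for the illustration.

```php
<?php
// Added illustration, not hastymail's code. Function names are hypothetical.

// Value stored in the session at login. Joining IP and user-agent with "|"
// is an assumption; the post does not show how hastymail combines them.
function client_fingerprint(array $server, bool $bindIp): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    return $bindIp ? $ip . '|' . $ua : $ua;
}

// Re-checked on every later request, in addition to the session cookie.
function session_matches(array $session, array $server, bool $bindIp): bool
{
    if (!isset($session['user_id'])) {
        return false;
    }
    return hash_equals($session['user_id'], client_fingerprint($server, $bindIp));
}

// Constructed sample requests (addresses from the RFC 5737 documentation ranges).
$ua        = 'ExampleHandheld/1.0'; // constructed user-agent string
$login     = ['REMOTE_ADDR' => '192.0.2.10',  'HTTP_USER_AGENT' => $ua];
$nextProxy = ['REMOTE_ADDR' => '192.0.2.11',  'HTTP_USER_AGENT' => $ua]; // same user, next proxy in the pool
$other     = ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_USER_AGENT' => $ua]; // different client, same user-agent

foreach ([true, false] as $bindIp) {
    $session = ['user_id' => client_fingerprint($login, $bindIp)];
    printf(
        "bind IP: %-3s | same user via next proxy: %-6s | other client, same user-agent: %s\n",
        $bindIp ? 'yes' : 'no',
        session_matches($session, $nextProxy, $bindIp) ? 'accept' : 'reject',
        session_matches($session, $other, $bindIp) ? 'accept' : 'reject'
    );
}
```

With the IP bound, the proxy pool locks the legitimate user out; with the user-agent alone, the check no longer distinguishes clients that send the same user-agent string, so it adds little if the session cookie is ever exposed.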
