I saw an impressive demo earlier this week from Andrew Tridgell at the Canberra Linux User’s Group of some of the work being done on the install process of Samba version 4. Basically, the first time you start up smbd (which didn’t look to need any actual installation steps) it starts up an inbuilt web server which will let you connect and start configuring it (right now you authenticate with the machine root user, but there’s ongoing discussion apparently). It’s a really nice way to get beginner sys-admins started without them hitting road blocks 5 times before they can even get started.
Over the last couple of weeks, a couple of other free software projects have impressed me with bits of their install process as well. I wouldn’t have dreamed of attempting to install Scarab since I’ve never done anything with Tomcat in the past, but then I discovered that it ships with its own integrated copy of Tomcat. More than enough for my personal use, and it all worked quite cleanly (except for all those bloody environment variables). I was also quite pleased to find this Ruby on Rails install tutorial for Mac OS X used SQLite which ships as part of Tiger. Unfortunately they did force me to integrate with Apache (I would have used the apparently built-in WEBrick but have no real idea how). It could have been a lot slicker if it had just created the SQLite databases itself, but I guess I just love it when installing one thing doesn’t cascade on to 10 other tasks.
One of the guys at work has been looking for a little web server we can embed in our system to get people started, and ideally let us avoid messing with any existing Apache installation, so hopefully I’ll get to see some of the implementation behind this stuff first hand.
20 Aug 2005 11:25 pm
Science and not-science
Intelligent design being taught as science?
People actually believing the whole Apollo moon hoax thing?
Is it just me, or is there something really wrong here?
Macromedia owes me 4 browser windows
I just installed the Flash 7 player, and was thinking back to my Linux install experiences. I might even have written something nice, but then I noticed my browser windows had vanished. I had obviously been expecting to have to restart the browser after the install finished, but just quitting it without asking me? !@#$%^&*
Now, I can understand the motivation. I’ve done usability testing on software like this, and I know the fewer things the user actually has to think about the better, but even just a warning telling me it would restart the browser would have done.
Let’s think about this though. Why does someone install a new version of Flash? Because they went to a website which requires it, which told them they needed to install it perhaps? Now you’ve closed the browser and with it the site I actually wanted in the first place. I’ll go searching through my history for the site, but if you thought most users would have trouble with a few extra dialog boxes in the install, how many are going to be able to use their browser history?
Of course, I’m also annoyed at Safari (and every other browser except OmniWeb as I understand it) for not reopening the windows after it was restarted, but perhaps there’s a good reason behind it.
Sigh…oh well, time to go and find them again I guess.
18 Aug 2005 07:12 pm
Referrers and HTML injection
I ran across a bit of obscure web app code today which returns the user a page containing the referrer provided by the browser. My initial reaction was that this opened the page up to HTML injection attacks, but I’m not quite sure how it could be exploited. From a bit of research, all I could come up with were references to systems which stored and returned the referrer (for those little referrer logs which used to be common in blogs). In this specific code however, the referrer is only returned to the original requester.
I have a feeling something could be crafted by getting the victim to go to a page with a controlled URL, then click a link through to the vulnerable page. I’m not sure, however, if this would work. Perhaps, for example, the common browsers stop this by URL encoding the referrer URL. I’m not going to look into it seriously at the moment, and obviously the code is better off secured anyway, but it would be interesting to know if this is a problem.
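As an added example (not the code from the post, whose language and framework are not given), here is the reflected-referrer pattern next to a secured version, written as a small Python WSGI handler. The function names and the sample referrer value are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

def render_unsafe(referrer):
    # The pattern described in the post: header value pasted into the page as-is.
    return "<p>You came from: " + referrer + "</p>"

def is_http_url(value):
    # Only plain http(s) URLs are allowed to become a clickable link.
    try:
        return urlsplit(value).scheme in ("http", "https")
    except ValueError:
        return False

def render_safe(referrer):
    # Escape for HTML text and attribute contexts (quote=True covers " and ').
    text = html.escape(referrer, quote=True)
    if is_http_url(referrer):
        return '<p>You came from: <a href="%s">%s</a></p>' % (text, text)
    # Anything else is shown as inert text, never as an href.
    return "<p>You came from: %s</p>" % text

def app(environ, start_response):
    # WSGI exposes the Referer request header as HTTP_REFERER.
    body = render_safe(environ.get("HTTP_REFERER", "")).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]

# Constructed sample value: a referrer whose query string contains markup.
SAMPLE = 'http://example.test/page?q="><b>injected</b>'

def demo():
    # Call the handler directly with a minimal constructed environ.
    status = []
    chunks = app({"HTTP_REFERER": SAMPLE}, lambda s, h: status.append(s))
    return status[0], b"".join(chunks).decode("utf-8")

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(demo()[1])
```

Escaping on output means the page does not depend on whether a given browser happens to URL-encode the header before sending it.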
AJAX and MVC
07 Aug 2005 07:42 pm
Modelling the problem
Maths seems to be one of those things I’ve always been quite good at. I have no illusions in that I know there are plenty of people better, better enough that I wouldn’t be worth a second thought, but I held my own well into university level maths. One thing I’ve always noticed is that people in the general public seem to see programming and maths as very strongly connected. I know, for example, people who’ve been surprised at someone going into computer science (and doing quite well as I understand) when they took soft maths (business maths, but it may be named differently elsewhere) in high school.
Stripping newlines from URLs
I just found out that Firefox has a preference to have all the newlines stripped when you paste a URL which stretches over multiple lines (via Jeremy Zawodny). This means that if you copy a URL out of an email which has been hard-wrapped to 72 characters (or whatever it is) and spans over multiple lines, everything will just work (instead of just giving you the first line of the URL).
Now, why on earth doesn’t every browser do this by default?
For what it’s worth, go to about:config and set editor.singleLine.pasteNewlines to 3 (1 is the default, 2 apparently puts spaces in place of the newlines).
05 Aug 2005 10:34 pm
Linux on my desktop
I started a new job a couple of weeks ago, and my main computer at this new job is running Linux, specifically Fedora Core 4. At home I’m a Mac user, but most of my past jobs have involved running a Windows box to connect into Linux or Solaris servers, so I thought I’d put down a few thoughts.
04 Aug 2005 09:59 pm
Tagging and requirements analysis
What with del.icio.us and flickr and co, tagging seems to be very, very popular right now. The idea of building something to support tagging of latitude and longitude co-ordinates has been rolling around in my head for a little while, and now a site called tagzania seems to have implemented it. What I’d really like to see is something to calculate nearby items both in terms of real and tag space, but I guess that will come in time.
Another tagging related idea which has been rolling around in my head is requirements analysis. Traceability and maintenance of requirements in software engineering is frequently a problem, particularly in large projects for a number of reasons. One reason is almost certainly the difficulty of identifying exactly which requirements are affected by a certain change, and how requirements are interrelated. The problem with the normal documentation approach is that it only really allows for a single hierarchy. For example, you can group your requirements together by functional groups, or in conceptual groups (say, performance related requirements), but it’s quite difficult to create, and much more difficult to maintain, cross reference lists to create multiple hierarchies.