Categories
computing Imported From Epistula

AntiJavascript

gilmae mentioned this in a comment, and whenever I try to give examples in comments of why I’m stripping things from comments, It Doesn’t Work. So here it is: The Problem With HTML.

First, some more basic problems. Aquarionics, being Neat, Cool, and generally Compliant, uses CSS for layout. It consists of various sections, set out in the code as <div> (DIVision) tags. This, for example, is in #content, which is slightly overlapping #header which contains the sweeping-curve logo. To the right is #cool containing Neatothings from the rest of the site. If I allowed all HTML in comments, someone could put in a few <div> tags and completely ruin the layout and readability of the site. Bad.

The same problem applies for Table-based designs with </td> tags. Those can really ruin someone’s day. So, HTML Bad.

PHP has a nice function called strip_tags(), which strips all HTML tags from a post except the ones you specify. “So don’t specify <script>” is the wise call, but it’s not that easy, because Javascript can sit inside the attributes of any normal tag. For example, I could have something in italics like this:

<em onMouseOver="window.alert('Hah! You Lose!')">Go on. Touch me. I dare you, I double-dare you. I double plus infinity dare you</em>

Go on. Touch me. I dare you, I double-dare you. I double plus infinity dare you

Which isn’t exactly the end of the world, but it could be worse. I mean, it *could* be…

<em onMouseOver="document.location='http://www.goat.cx'">Go on. Touch me. I dare you, I double-dare you. I double plus infinity dare you</em>

Go on. Touch me. I dare you, I double-dare you. I double plus infinity dare you

Or worse…

<em onLoad="document.location='http://www.goat.cx'">Go on. Touch me. I dare you, I double-dare you. I double plus infinity dare you</em>

(No, I’m not putting that code in 🙂)
And those codes will not get stripped out. The latest version of strip_tags() cuts out all “alert” type Javascript, but doesn’t recognise the simpler kind that changes an innocent variable, like document.location. So no HTML.
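As an added illustration of the point above (this is not code from the original post, and it is written in Python rather than the PHP the post talks about), here is the alternative to tag-stripping: an allowlist sanitizer that keeps only a fixed set of harmless tags, throws away every attribute it has not explicitly approved (so onMouseOver, onLoad and friends vanish no matter which tag they sit on), refuses link schemes other than http/https/mailto, and closes any tag the commenter left open so a stray <div> or </td> cannot escape the comment box. The tag and attribute allowlists are assumptions chosen for the example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlists for the example: tags a comment may use, and the only
# attribute any of them may carry. Everything else is dropped, not escaped.
ALLOWED_TAGS = {"em", "strong", "p", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative link


class CommentSanitizer(HTMLParser):
    """Rebuilds the comment from parsed tokens instead of regex-stripping it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_stack = []          # tags we have emitted and not yet closed

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                    # <div>, <script>, <td>, ... disappear entirely
        kept = []
        for name, value in attrs:     # HTMLParser lowercases attribute names
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue              # this is where onmouseover/onload/style go
            value = value or ""
            if name == "href" and urlparse(value).scheme.lower() not in SAFE_SCHEMES:
                continue              # javascript:, data:, vbscript: ... are refused
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_stack.append(tag)

    def handle_endtag(self, tag):
        # Only close what we actually opened; unwind anything nested inside it
        # so the output is always balanced. Unknown end tags are dropped.
        if tag in ALLOWED_TAGS and tag in self.open_stack:
            while self.open_stack:
                top = self.open_stack.pop()
                self.out.append(f"</{top}>")
                if top == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always entity-escaped

    def result(self):
        while self.open_stack:         # close whatever the commenter forgot
            self.out.append(f"</{self.open_stack.pop()}>")
        return "".join(self.out)


def sanitize_comment(html_text):
    """Return a version of html_text that keeps only allowlisted markup."""
    p = CommentSanitizer()
    p.feed(html_text)
    p.close()
    return p.result()


if __name__ == "__main__":
    # Constructed sample comments, including the post's own italic trick.
    for sample in [
        '<em onMouseOver="document.location=\'http://example.invalid\'">Touch me</em>',
        '<div>layout breaker</div>',
        '</td>table breaker',
        '<a href="javascript:alert(1)">click</a>',
        '<em>never closed',
    ]:
        print(repr(sample), "->", repr(sanitize_comment(sample)))
```

The difference from strip_tags() is that the decision is made per attribute, not per tag, so there is no list of "dangerous" event names to keep up to date: anything not on the allowlist is gone.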

Categories
Imported From Epistula Personal

Oddness

So, it’s been a strange week. Well, seven days.
I mean, Thursday I went to see a play with my long-standing mate Barry, and my not-quite-so-long-standing Drama Teacher, which was nice. And it spoke in rhyme, and had Martin Clunes in it, and was actually very, very funny.

Later that day, I was dragged into a gay bar in Soho (Okay, I walked in calmly. It’s not as if I was unaware of where I was going). This is another thing entirely, however, and one I just mention in passing.

As it were.

Then came today. Today I will not even attempt to explain, but it revolved around me walking out of a bank with a grand more than I thought I owned (Go Me) straight into the push-chair of someone I knew vaguely from school. She was (still is, I suppose) a couple of years below me, just over 19.

She’s married. And has a four month old kid whose name – I think, I was a little dazed – is Smidge.

Scariness

So I wandered back to the station, and ran into someone who I was at school with, who is now working for a local clothes shop as a Person Who Lifts Stuff, as far as I can gather. I told them both I was doing freelance web design, which is technically true. Eventually I admitted the lie to the first, who sagely handed me an application form for the local Unwins (Off-license) and informed me that McDonalds down the road were hiring.

Never have I been more motivated to find a job.

Walked – nay, ran – to the train station, avoiding eye contact with everyone on the street just in case it was another blast from the past.

Ordered the Moulin Rouge soundtrack and DVD from Amazon (Didn’t preorder Buffy 4 DVD. self control 1, Buffy Nil) and finally sent off for my Discworld Convention Membership. And I’m *still*

Categories
Imported From Epistula Personal

Job Seek

From an email today:

Windows’ Developer (Permanent)


Our client, named by a leading national daily
broadsheet as ONE OF BRITAIN’S MOST VISIONARY
COMPANIES, needs a commercially focused Software
Engineer with a difference!!!
*snip*
you’ll be delivering
tomorrow’s applications today, eradicating

Categories
Imported From Epistula Personal

Flash. Ahhhhhh

So I was given a copy of Flash, Dreamweaver, Director, and all those other things I should not, as a Real Coder, ever use. But I use PHP, I am competent in Visual Basic, and this is being written in Windows. Obviously I’m not a Real Geek.

So today, I have mostly been learning Flash. And in doing so have created a monster. Well, this, anyway. No, it isn’t finished. Yet. It’s broken in a couple of ways, but I’m working on it, promise…

Yup, the eggs are gone. The site went down, and it was only slowing the site down anyway. This month’s appeal is a whole new one. Go visit it… (Editors note, the site seems to be down, so the icon is gone for the moment. It will return)

In other things, I’m still searching for jobs, and no hope for that as yet. Looking forward to next weekend, when I get to see Lonecat again. Fun

Categories
AFP Imported From Epistula

Disclaimer

This is the disclaimer for SimExplorer. I liked it. Here it is:

By reading this comment, you agree to sell your first-born to Bil Simser of Calgary, Alberta, Canada, Earth and you agree not to quack like a duck while reading this comment. If it is discovered that you have quacked like a duck during the reading of this comment at any time, I reserve the right to sue you for damages. Damages, in this case, may be interpreted as all your money, your clothes, any first born children, your eternal salvation if you believe in such a thing, and anything else I can get away with.

You may not make illegal copies of this comment. Illegality of copies is determined by the laws of Estonia-on-Avon, a small principality covering approximately one half acre somewhere in Southern Alberta. A copy of these laws may be obtained by visiting Estonia-on-Avon, and asking Prince Bil to write down a copy for you. Punishment for illegal copies will also be left up to the Prince. You may not reverse engineer this software to attempt to discover the source code for use in your own products. If you wish to make modifications of this product, please contact me for further info. Infractions of this clause will lead to visit by a large man named Guido at late hours of the night.

This comment must be destroyed within 30 minutes of reading under full penalty of International law. You will be held responsible if this comment is not removed at the end of the appropriate time period. This agreement is not applicable in the states of New Jersey, Maryland, and Delerium or anywhere on the planet Earth.

This software is intended for individual use and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humor or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this software is not authorized (either explicitly or implicitly) and constitutes an irritating social faux pas.

Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals (especially moose) were harmed in the making of this software, although the cat next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft.

However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this software in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.

Are you still reading this? Don’t worry, I said this agreement is not applicable anywhere on the planet Earth so unless you’re installing it from the International Space Station, there’s nothing to get your pantyhose in a knot about. I will not be coming to your house and taking your children, however, if you have a daughter of legal age and pretty cute to boot then we should talk.

blueprint, and all its components and related programs, is free software but copyright 1999-2002 by Bil Simser. All rights reserved worldwide, so there. It is a labor of love by me. You are hereby entitled to use, mangle, obfuscate, and generally make use of the program as you see fit. You may NOT re-distribute or otherwise deploy this software as part of a compilation CD for profit without the express written consent of me.

No guarantees whatsoever are inferred. If blueprint doesn’t work: tough. If you lose a million bucks because blueprint messes up, it’s you that’s out the million, not me. If blueprint impregnates your cat, too bad. If you don’t like this disclaimer: tough. I reserve the right to do the absolute minimum provided by law, up to and including nothing. You may decline this agreement by going somewhere else and forgetting you ever were here. By using this software, the user hereinafter agrees to abide by all the terms and conditions of this agreement that nobody ever reads anyway, as well as the Geneva Convention and the U.N. Charter and the Secret Membership Oath of the Benevolent Protective Order of the Moose people and such other terms and conditions, real and imaginary, as I shall deem necessary and appropriate, including the right to come to the user’s home and examine the user’s hard drive, as well as the user’s underwear drawer if I feel like it, raid your icebox, swim in your pool, take it or leave it, until death do us part, one nation indivisible, by the dawn’s early light, finders keepers, losers weepers, thanks you’ve been a great crowd, and don’t forget to tip your servers.

Violations of this license will be punishable by fine, imprisonment, death, any two of the above, or all three.

blueprint is designed, written and pretty much completely owned by me, Bil Simser, keeper of the sacred crown holy crown of cheese.

All Your Sims are Belong to Us.

Categories
Imported From Epistula Personal

PHPlaying

Fun bits of life, this may get geeky, so be warned…

There are signs that the Aquarionics engine (currently being renamed, because the current name sucks volcanoes through pinholes) was designed by someone who hadn’t done things like it before, and none are more apparent than now.

K3 (the system, or the old name of it) is inherently multi-user; at the root of this is a table of Users and Permissions. The only two entries in Users are me, Aquarion, and Lonecat, because she has to update Geekhouse and her diary. There is also a table called admin_level, which gives Aquarion write permissions on Aquarionics, Vulcanfan, Geekhouse and Nodes, and Lonecat permissions on Geekhouse and Lonecat. At the top of each non-public page, the script calls a function “get_auth($domain)” which checks the authorisation of the current user against that table. Therefore with a single SQL statement I can give a person permission to do stuff, with no more tedious mucking around with .htaccess files. In the future, this means that when I put something in that has public user accounts, I can, without too much bother.

However.

The users table is indexed by Username, because no two usernames can be the same. This was the decision made when I was normalising a multiuser weblog.

And it was a bad decision.

The main problem with indexing by usernames is one of special characters. The statement to, for example, check whether the current user is allowed to edit the node you are looking at is as follows:


<?php
// If the person has logged in...
if ($PHP_AUTH_USER) {

    // Select from users,
    //    admin_level, and whatever we are looking at where...
    $query = "select * from users, admin_level, $type where ";

    // author_id on the current node and the user's ID are the link...
    $query .= "$type.author_id = users.id ";

    // and the current logged in user is the author of the node...
    // (the username is spliced straight into the SQL text, which is
    // exactly the problem discussed below)
    $query .= "and users.username = '$PHP_AUTH_USER' ";

    // and is able to edit nodes...
    $query .= "and (admin_level.username = users.username and ";
    $query .= " admin_level.domain = 'editor')";

    $result = safequery($query);
    if (mysql_num_rows($result) != 0) {
        $row = mysql_fetch_array($result);
        echo "Oh, Hi $PHP_AUTH_USER, you can <a href=\"admin.php"
            . "?action=edit$type"
            . "&id={$row['ident']}"
            . "\">edit this node</a> if you like";
    }
}
?>

So what happens if $PHP_AUTH_USER contains a single-quote/apostrophe? This is where PHP’s neatocool “Magic Quotes” feature comes in, automatically escaping strings. The problem is that it isn’t very consistent. In Afphrid, I was indexing by a user’s text-string, and spent months sorting out the bugs in that code. In the end I put four iterations of “remove_slashes($id)” in the header of each and *every* page, to kill all the “Magic Quotes”. Yes, I should use perl, but I wouldn’t have to if I’d assigned them all nice auto-incrementing ints as abstract record ids. But now I have to wade through code I wrote almost a year ago to work out where I’m getting user ids by string, and then change the database. For the new nodes system I added an int “id” field to each Klind user, so it’s a SMOP.
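To make the apostrophe problem concrete, here is an added example (not code from the post, and in Python with an in-memory SQLite database rather than the post’s PHP and MySQL) that builds the same three-table query three ways: spliced together as a string like the code above, with the username passed as a bound parameter, and keyed on the integer id the post says it is moving to. It also models what addslashes()-style magic quoting does when it is applied more than once, which is why the post needed repeated remove_slashes() calls. The table contents and the user "o'brien" are constructed for the example.

```python
import sqlite3

ALLOWED_NODE_TYPES = {"nodes"}   # table names cannot be bound, so allowlist them


def make_db():
    """Constructed stand-in for the users / admin_level / nodes tables."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        create table users (id integer primary key, username text unique);
        create table admin_level (username text, domain text);
        create table nodes (ident integer primary key, author_id integer, title text);
        insert into users (id, username) values (1, 'aquarion'), (2, 'o''brien');
        insert into admin_level values ('aquarion', 'editor'), ('o''brien', 'editor');
        insert into nodes values (10, 1, 'first node'), (11, 2, 'second node');
    """)
    return con


def can_edit_interpolated(con, username, node_type="nodes"):
    """The post's pattern: the username is pasted into the SQL text."""
    query = f"select * from users, admin_level, {node_type} where "
    query += f"{node_type}.author_id = users.id "
    query += f"and users.username = '{username}' "
    query += "and (admin_level.username = users.username and admin_level.domain = 'editor')"
    return len(con.execute(query).fetchall()) != 0


def interpolated_breaks(con, username):
    """True if the spliced query does not even parse for this username."""
    try:
        can_edit_interpolated(con, username)
        return False
    except sqlite3.OperationalError:
        return True


def can_edit_parameterized(con, username, node_type="nodes"):
    """Same query, but the username travels as a bound parameter, so quotes
    in it are data and never SQL. The table name is checked against an
    allowlist because identifiers cannot be parameters."""
    if node_type not in ALLOWED_NODE_TYPES:
        raise ValueError(f"unknown node type {node_type!r}")
    query = (f"select * from users, admin_level, {node_type} where "
             f"{node_type}.author_id = users.id "
             "and users.username = ? "
             "and (admin_level.username = users.username and admin_level.domain = 'editor')")
    return len(con.execute(query, (username,)).fetchall()) != 0


def can_edit_by_id(con, user_id, node_ident):
    """The post's intended fix: key the check on integer record ids."""
    query = ("select 1 from users "
             "join admin_level on admin_level.username = users.username "
             "join nodes on nodes.author_id = users.id "
             "where users.id = ? and nodes.ident = ? and admin_level.domain = 'editor'")
    return con.execute(query, (user_id, node_ident)).fetchone() is not None


def add_slashes(s):
    """Rough model of PHP's addslashes() / magic_quotes_gpc: backslash-escape
    backslashes and both quote characters."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


if __name__ == "__main__":
    con = make_db()
    print("aquarion, spliced:", can_edit_interpolated(con, "aquarion"))
    print("o'brien breaks the spliced query:", interpolated_breaks(con, "o'brien"))
    print("o'brien, parameterized:", can_edit_parameterized(con, "o'brien"))
    print("user 2 on node 11 by id:", can_edit_by_id(con, 2, 11))
    once, twice = add_slashes("o'brien"), add_slashes(add_slashes("o'brien"))
    print("magic quotes once:", once, " twice:", twice)
```

The spliced version fails as soon as the name contains an apostrophe, and because the name is interpreted as SQL rather than data it is a security issue as well as a bug. Binding the parameter fixes both; switching to integer ids removes the string from the lookup altogether, which is the post’s own conclusion.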

As is every *other* feature I want to add…

Categories
Imported From Epistula Personal

Admin bits

Okay, the upgrade for Knave is complete, and the nodes section now has a Slashdot/Kuro5hin/most-news-sites-style summary system (okay, so it just cuts out after the first 200 chars, to the nearest space) on its front page. I’ve also written up the driving test.

Categories
driving Imported From Epistula

Driving Test I

And so I finally got around to booking a driving test.

For my 17th birthday, as is now traditional in our family, I was given driving lessons. And for a few months I failed to do anything about this, and then started them, and went off on a course of 10. I continued to have lessons for the next few months, pausing for A-Levels and resuming for summer. Then I went to University for two years.

I came back, procrastinated for a few months, and then went back to the lessons, eventually, around Christmas last year, getting to the point where there was no point in me having the lessons until I had booked the test.

Three months after that point, I booked the test. And three weeks after that I told the instructor, Chris, about the test. I now had two weeks until the test, and I hadn’t driven in a few months.

Two weeks

Revision driving test. Wandered around in fine and sunny weather. Got back into the habit. Booked some lessons for the next week.

One Week

Basic driving. Hour lesson, pootled up to the town where the test centre is, practiced manoeuvres around the area where the test is usually, went home.

Six Days

Nice day, pootled back up to Tunbridge Wells, manoeuvred, drove around, had a look at the entrance to the test centre, came back.

Three Days

It’s now Friday; the last week has been mostly sunny, much wind, and the occasional light drizzle. My driving has improved a couple of hundred-fold, and I’m now silently confident that I should pass. The biggest problem at the moment is that the sun is so bright; fortunately I’ll be doing it in the early morning. My parallel parking is going like clockwork (literally: go back until the car lines up with *here*, then one turn of the wheel *right*, then back until *this* point, then one turn *left*, then steer like a baby bull…). My reverse around a corner is so accurate you could use it as a protractor, and the three-point-turn is done in barely two and a third… and, basking in the balmy sunny afternoon on Friday, I went home with a spring in my step, and thought I might just pass this.

Two Hours

Six forty, and I’m awake, staring at the ceiling. I get up, shower, the sun is peeking out from behind the clouds, it looks like a nice day. Shower, Breakfast, check mail…

One Hour

…and it’s 7:35 and Chris is here for one last lesson to brush up on things. Wander up to the town, dealing with rush hour traffic. Wander around Sherwood, where the test is frequently done, parallel park, reverse around a corner, do a three point turn behind a white car, and make our way through the one-way system that the Tunbridge Wells Test Centre is in the middle of. Turn into the test centre, and note with disappointment as it starts to drizzle.

Watch with dismay as the drizzle begins to escalate and turn into real rain.

Zero

By the time I’ve signed the declaration of insurance, and done the eyesight test, and he’s got the model of the car and ID numbers, the rain is incredibly heavy. And I’ve never driven in heavy rain before.

Cars stop differently in the rain. Sometimes they don’t stop at all. Mine stopped every time I told it to. Just not where I wanted it to, and I was so tense that my steering went everywhere. I was positioning right for left turns, and vice versa.

Then came the parallel park, done in Sherwood to park behind a white car. I realised later it was exactly where I had been doing three-point-turns earlier, but at that point it might as well have been on the moon. We pulled in, and as we did so I hit the curb, which I *know* is an automatic fail. At this point I knew I was done for, and might as well relax. I parked next to the car – slightly too far forward – and went into reverse. I slowly backed the car to the exact optimal point for turning, missed it by three feet, and then steered the wrong way. There was no way I could have done it in a car’s length now, and so, having already failed, I reset to the right position, and repeated the manoeuvre perfectly.

At that point, I discovered afterwards, I hadn’t actually failed.

But I did, on three counts of inability to steer, reversing around a corner, and parallel parking.

Stupid weather.

Categories
AFP Imported From Epistula

Bath Time

A report, and diary entry, by Nicholas ‘Aquarion’ Avenell.
Moron, of the order of St. Astrid.

Well, That sucked.
Went to Bath.
This sums up, in three words, four hours of travel, decided completely
on a whim at 11 O’clock in the morning. I decided that since it wasn’t
every day that RR was in the country, I should be there.
Life began to suck as soon as I got to the station just in time to see
my train leave. Caught the next one – 15 minutes later – to London,
Charing Cross -> Waterloo -> Bath Spa.
Where I arrived exactly 15 minutes late.
So the people I was looking for had left. Yay. Rah. And other
expressions of sarcastic joy. Together with someone else in the same
situation, we wandered around Bath until, quite by accident, we ran
into someone who had just walked out of the pub where the Meet was
happening.
I should have known this wouldn’t last.
It was suggested that finding a cheap (

Categories
Imported From Epistula Personal

Names

(AFP, 2001-09-27)

I’ve been wandering along the lines of “Who Is Aquarion” for a few
days, and this is how it works:

To AFP: My Name Is Aquarion.

This accounts for both “If You Meet Me In Real Life” as well as, and
especially “When I’m Online”. The only *ONLY* reason my real name is
on these posts at all is because in order to comply with the terms and
conditions of news.cis.dfn.de (My major news feed) I have to put my
real name on posts, at the very least in the sender field.

There is a reason for this, and it goes as follows:
When I joined the AFP for the most recent time, there was a
very specific reason why I wanted to be anonymous. It was a legacy
from a previous place, and meant that I never *ever* wanted anyone
online to know who I was ever again.
So I became Aquarion, which was the name of my website at the
time and was a name I quite liked the sound of. And I posted both here
and on other groups as Aquarion for a moderately long time.
Then I started doing meets, and my Real Name was announced.
This meant that people started calling me by my Real Name online,
which I was too shy and retiring to object to.
(Yes, Ha ha, Aquarion being retiring, I know. I’ve changed a
lot since then)
I respond to Aquarion, however, far easier than I do to my
real name. Mainly because there are very few Aquarions in the world,
and I’m unlikely to be mistaken when someone shouts it across the
room.

So, Personally, I prefer to be called Aquarion. Even if you know what
my real name is. Because it’s what I prefer to be known as.

There are other reasons. The main one being that, although they are
closer now than before, Aquarion is different to $REALME, and I’ve had
enough problems of the “Who Do I Want To Be Today…?” variety to keep
me going for a while.

To Summarize the above: I’m only not anonymous because I comply with
the T&C of my account[1], but really I prefer to be called after the
name I post under.

If anybody tries to restrict my rights to be known as whatever the
hell I like, I will continue to argue with you.

(Not that anybody here has, yet)

To Summarize the summery:
Aquarion is a fairly mucked up person,
light blue touch paper, and stand well back.

Yours in total sincerity,

Aquarion D’Blue

--
 "Ve belong dead"-- O   | Aquarion. Ph33r |V|y 1337 P@||70 5K1||Z
    \\         +-|-+ | From is valid, Replyto is better.
   \\\__o       |   |
___\\\x/___   _/ _ | Resurrecting dead hedgehogs since 1996.

[1] Yes, I *know* they have never been known to enforce this, but it
is still the rules.