Lior Gradstein’s Blog

Here’s the setup: you have a computer which has an SD port (small memory cards, mostly used in cameras, phones, etc.). You want to get all of your photos from that card automatically as soon as you insert it (it may be a USB key as well), that is, run a script which will search for all of your photos and copy them to a local directory.

  • Filed under: hardware, software
  • Mark Ramm, one of TurboGears’s core developers, announced on TurboGears’s mailing list that they will merge with Pylons! To be more precise, the API of TurboGears will be implemented on top of Pylons. It seems they have already made some tests/proofs of concept that are, as they say, “a huge success”. That’s really good news for Python web framework development, and good news for me, as I won’t have to choose between the two :-)

    As a side note, it seems another framework, CleverHarold, has disappeared without anybody noticing. Its domain is parked, and today its Google Group page went offline (the last messages were from people asking if the project was still alive).

    Update: Noah Gift wrote a nice article about the merge.

  • Filed under: framework, python, web
  • CCT (CalCubeTimer) v0.2 is now available

    CalCubeTimer in its newest version is now available! For people who don’t know, CCT is a Java program that times Rubik’s cubing performance. It is really cool not only because it is beautiful, easy to use, and has a client mode to connect to a central server (for contests), but because it allows you to plug in your stackmat and show its content in full screen!

  • Filed under: rubik
  • OK, we now have to configure the network. The goal is to be able to connect to our access point, where we’ll get information to connect to our “sound server” (I call it that because I still haven’t decided between using mpd+mpc+samba or some more direct access like the use of esd).

    We’ll set the wifi interface as a client for a remote access point. We’ll keep the WAN interface with a static IP (here, 192.168.1.1).

    Please note that changing the configuration will make the remote network access used previously unusable. The only secure access is still through the serial console.

    First, edit the file /etc/config/network:

    config switch eth0
         option vlan0 "0 1 2 3 5*"
         option vlan1 "4 5"
    # [...] localhost config here
    # [...]
    config interface wan
       option ifname "eth0.1"
       option proto static
       option ipaddr 192.168.1.1
       option netmask 255.255.255.0
    # [...]
    config interface lan
       option type bridge
       option ifname "eth0.0"
       option proto dhcp

    And then the file /etc/config/wireless:

    config wifi-device wifi0
       option type atheros
       option channel 8
       option disabled 0
    # [...]
    config wifi-iface
       option device wifi0
       option network lan
       option mode sta
       option ssid YOUR_SSID
       option encryption none
       option hidden 0

    If your access point uses encryption such as WEP, use this wifi-iface block instead:

    config wifi-iface
       option device wifi0
       option network lan
       option mode sta
       option ssid YOUR_SSID
       option encryption wep
       option key 1234567899
       option hidden 0

    You can take a look at the different available options in this documentation. If all is well, you should have an IP address on your br-lan interface (your WGT634U hub port is bridged with the wifi interface).

    The next part will be the most interesting :-) I think I’ll try all the different methods to implement an automatic player daemon: direct methods, and indirect methods using a shared filesystem like CIFS.

    Reference

    Jkx@Home’s article explaining another use of WGT634U

  • Filed under: hardware
  • As the title says, each presentation was filmed, and has just been uploaded for everyone’s pleasure! Here is the two-part video presentation of Twisted, done by Michael SCHERER.

    Oh, by the way, please take a minute to vote for your favourite Internet Engine!

    WP Scanner

    A nice article explaining the vulnerability in WordPress themes (in fact anything using PHP :-) was published some days ago. Now, there’s even a vulnerability scanner available (written in Perl).

    I ran it on several of the blogs I manage, and all of them were vulnerable to XSS (wp-scanner also tests other vulnerabilities) :-(
    I followed the advice on blogsecurity’s website and modified all of the search functions I could find. Now wp-scanner doesn’t report any vulnerability (it doesn’t mean it is cracker-proof, but it’s a good start).

    So if anybody else uses the Redoable theme like me, you should patch the header.php file. Near the top of the file, find the "Search for" string, and wrap the $s variable in the htmlspecialchars() function:

    Search for <?php echo htmlspecialchars($s); } ?>

    Do the same for the searchform.php file:

    searchform" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>"

    An even better protection would be to use the mod_security module for Apache/Apache2, which can detect and block this kind of attack. But this requires that you control your server.
    To prevent web visitors from sending tags, you can add the following rule in your virtual host:

    SecFilter "<(.|\n)+>"

    Now, when someone requests < anything >, the visitor gets a 403 error, and in your audit log, you now have:

    ==36d82a37==============================
    Request: www.gradstein.info 82.67.175.56 - - [11/Jun/2007:11:10:56 +0200] "GET /?s=%3Cwpscan%3E HTTP/1.1" 403 202 "-" "Mozilla/5.0" - "-"
    ----------------------------------------
    GET /?s=%3Cwpscan%3E HTTP/1.1
    mod_security-message: Access denied with code 403. Pattern match "<(.|\\n)+>" at REQUEST_URI [severity "EMERGENCY"]
    mod_security-action: 403
    HTTP/1.1 403 Forbidden
    Content-Length: 202

    Please note that mod_security does not correct your application. If you only use mod_security, the WordPress theme will still be vulnerable at the underlying level. It is OK to use mod_security, but it is much more advisable to correct the origin of the problem rather than cover it up.
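
The theme fix described above, as an added example (not code from the Redoable theme or from the original post): the unencoded heading beside the encoded one, plus the form action, using ENT_QUOTES so single quotes are encoded too. The function names, the id="searchform" attribute and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: not code from the Redoable theme or from WordPress.
// All function names here are hypothetical.

// Encode a value for HTML text and quoted-attribute contexts.
// ENT_QUOTES also encodes single quotes, which the default flags
// did not cover before PHP 8.1.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the search term reaches the page unencoded.
function heading_before(string $s): string
{
    return 'Search for ' . $s;
}

// "After": same heading, term encoded on output.
function heading_after(string $s): string
{
    return 'Search for ' . esc($s);
}

// Form tag with its action attribute encoded. $self stands in for
// $_SERVER['PHP_SELF'], which includes request-supplied path info.
function search_form(string $self): string
{
    return '<form id="searchform" action="' . esc($self) . '">';
}

// Check: no raw markup characters survive, and decoding restores the input.
function is_encoded(string $raw, string $encoded): bool
{
    return strpbrk($encoded, '<>"\'') === false
        && html_entity_decode($encoded, ENT_QUOTES, 'UTF-8') === $raw;
}

// Constructed inputs; '<wpscan>' is the probe visible in the audit log.
$term = '<wpscan>';
$self = '/index.php/a"b\'c';

echo heading_before($term), "\n";
echo heading_after($term), "\n";
echo search_form($self), "\n";
echo is_encoded($term, esc($term)) ? "term ok\n" : "term NOT encoded\n";
echo is_encoded($self, esc($self)) ? "action ok\n" : "action NOT encoded\n";
echo is_encoded($term, $term) ? "raw ok\n" : "raw term NOT encoded\n";
```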

  • Filed under: security, wordpress
  • NetGear WGT634U with OpenWRT

    Before the 7.06 stable version of OpenWRT there were many problems getting USB audio working on this exceptional router (the only one I know with a USB port): problems with kernel version 2.4/2.6, problems with alsa, problems with USB not working (usb2), etc. Take a look at the forums and see all the horrible, painful modifications/patches you needed to apply to make it work.
    I have to say that the OpenWRT developers/contributors (and the forum members) did a wonderful job and corrected every known problem. So with this version, the installation is really straightforward!

    Please read the following to get all the details.

  • Filed under: hardware
  • Journee Python Conference 2007

    I went today to the Journée Python 2007 Conference in France. I managed to see half of the Twisted intro, some lightning talks, and most of the afternoon presentations (thanks to Ido’s mid-day nap).

    Most of the talks were of the introductory type, but they were finely presented (alas, most of the audience already knew Python). I hope I’ll find the time to prepare a more advanced Twisted presentation for next year’s Conference (there’s one, right?)

  • Filed under: python
  • Since Asterisk 1.2+, the methods to access the AstDB database (a local Berkeley database) were changed from DBGet, DBPut, DBDel to the merged “simpler” one named Set (except for DbDel, which seems to still exist). There was a functionality whereby, when a key was not found in AstDB, a jump would be done to n+101. So the following would be OK:

    exten = s,1,Set(forward_number=${DB(FORWARD/1234)})
    exten = s,2,Background(one_local/forward/forward_number_is)
    exten = s,3,sayalpha(${forward_number})
    exten = s,4,Goto(s-report_mode,1)
    exten = s,102,NoOp(No value which is normal)
    exten = s,103,Goto(s-not_set,1)

    But with my newly installed Asterisk 1.4.4, it doesn’t jump anymore. It continues to s,2 :-(.
    So I guess I need to add a supplementary line to explicitly test the presence of the key:

    exten = s,1,GotoIf(${DB_EXISTS(FORWARD/${F_EXT})}?:102)
    exten = s,2,Set(forward_number=${DB_RESULT})
    exten = s,3,Background(one_local/forward/forward_number_is)
    exten = s,4,sayalpha(${forward_number})

    exten = s,102,NoOp(No value which is normal)

  • Filed under: asterisk
  • Nice introduction article on Pylons

    Pylons is a cool web framework (one more, besides TurboGears, Django, Zope, etc.). Someone posted on the mailing list a reference to a nice introduction.

  • Filed under: framework, python, web