Lefora Free Forum

samuel's Blog

Male, 28

I'm a man with no plan.

http://samuelks.com/
Member For: 2 years, 2 months
Posts: 12
Top Post By samuel (most thumbs up):

No posts received thumbs up, next time you see a good one, give some respect and thumb it up.

Recent Posts by samuel:

Re: Vinnie smash!

November 7, 2007 by samuel

It kind of looks like his toe was under that one.

Re: Europe vs US car model conspiracy

September 20, 2007 by samuel

Speaking of which:

THAT is what I want. A Smart with a Hayabusa engine.

Re: Mitigating security holes with HttpOnly cookies

September 20, 2007 by samuel

Yeah, though hopefully now that IE and Firefox have it the majority of people will be covered. Opera having it is nice as well. I guess it's just up to Safari now. Well, that and all the other minority browsers, but one can only hope for so much.

Re: Poll: Is blocking of ads dishonest?

September 20, 2007 by samuel

"Dishonest" was probably the wrong word. I guess I meant: "Does blocking the ads on a website make you a bad person for not supporting the people behind the website?"

So many pointy points

September 12, 2007 by samuel

I wish I had a better camera at the time, or at least a steadier hand. Still one of my favorite photos of mine.

Vinnie smash!

September 12, 2007 by samuel

Couple recent photos

Mitigating security holes with HttpOnly cookies

September 12, 2007 by samuel

Avoiding cross-site scripting is a full time job. The more you let your users do, the more likely you will have a security hole. Thankfully Django makes closing some of the more obvious gaps in site security as easy as installing a middleware (well, almost). The CSRF middleware inserts a token into every form on the site and then validates any POST requests to make sure they're coming from the site itself rather than a remote site (which won't have the tokens). That is, as long as you make sure to require every state-changing request to use POST.

Another problem comes from the chance that a user might be able to inject JavaScript into a page. At this point they have nearly full control over the browser of any user that visits that page. There is a way to limit the damage, and that is to send all cookies with the HttpOnly attribute. The attribute means that the cookie will only be sent to the server and cannot be accessed by client-side JavaScript. So the malicious script on the page can still perform actions on the user's behalf, but it cannot get the session id.

IE was the first to implement the HttpOnly attribute, and until recently it was the only browser to do so. Fortunately, Opera 9.5 (currently in alpha) and Firefox now both have it (though not in the latest stable releases). Now it's just older browsers and Safari that need to catch up.

Unfortunately, the cookie module that comes with Python does not support/understand/allow the HttpOnly attribute, but to work around this in Django is as easy as creating a middleware with the following bit of code in the process_response method:


    # Pull the session cookie out of the jar so Django doesn't serialize it itself
    sessionid = response.cookies.pop('sessionid', None)
    if sessionid:
        # Serialize the Morsel without the "Set-Cookie:" prefix, then append HttpOnly by hand
        cookie = sessionid.output(header="").strip()
        response["Set-Cookie"] = cookie + "; HttpOnly"


The HttpOnly attribute for cookies is just one small part of covering your ass when it comes to site security. All it does is lessen the risk. Security is always only as good as the weakest link in the chain.
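The post's workaround in runnable form, as an added example that is not samuel's code or Django's: a check that tells you whether a serialized Set-Cookie value already carries HttpOnly, the string-append trick applied only when it is missing, and a stand-in for the process_response step that pops the Morsel out of a SimpleCookie jar and writes the header by hand. The sample cookie value is constructed; the `headers` dict standing in for a Django response and the `harden_session_cookie` helper are assumptions of this example. The last function shows that the http.cookies module in current Python (the flag landed in 2.6/3.0) supports HttpOnly natively, so the string surgery is only needed on the Python of the post's era.

```python
from http.cookies import SimpleCookie

# Constructed sample: the serialized session cookie a response of the era
# would emit, with no HttpOnly attribute on it.
SAMPLE_SET_COOKIE = "sessionid=0123456789abcdef; Path=/"


def cookie_attributes(set_cookie_value):
    """Return the lowercase attribute names of a Set-Cookie value, i.e. everything
    after the name=value pair (flags such as HttpOnly carry no '=')."""
    parts = [p.strip() for p in set_cookie_value.split(";")[1:]]
    return [p.split("=", 1)[0].lower() for p in parts if p]


def has_httponly(set_cookie_value):
    """Audit check: does this Set-Cookie value already carry HttpOnly?"""
    return "httponly" in cookie_attributes(set_cookie_value)


def add_httponly(set_cookie_value):
    """The string workaround from the post, made idempotent: append '; HttpOnly'
    unless the attribute is already present."""
    if has_httponly(set_cookie_value):
        return set_cookie_value
    return set_cookie_value.rstrip().rstrip(";") + "; HttpOnly"


def harden_session_cookie(cookies, headers, name="sessionid"):
    """Mimic the process_response step: pop the session Morsel out of the jar so
    the framework does not serialize it, and write the header with HttpOnly.
    `cookies` is a SimpleCookie and `headers` a plain dict standing in for the
    response object (an assumption of this example, not Django's API)."""
    morsel = cookies.pop(name, None)
    if morsel is None:
        return headers
    # output(header="") yields " sessionid=...; Path=/" -> strip the leading space
    headers["Set-Cookie"] = add_httponly(morsel.output(header="").strip())
    return headers


def session_cookie_with_httponly(session_id):
    """Current Python: HttpOnly is a supported Morsel flag, no string surgery."""
    jar = SimpleCookie()
    jar["sessionid"] = session_id
    jar["sessionid"]["path"] = "/"
    jar["sessionid"]["httponly"] = True
    return jar["sessionid"].OutputString()


if __name__ == "__main__":
    print(add_httponly(SAMPLE_SET_COOKIE))
    jar = SimpleCookie()
    jar["sessionid"] = "0123456789abcdef"
    jar["sessionid"]["path"] = "/"
    print(harden_session_cookie(jar, {})["Set-Cookie"])
    print(session_cookie_with_httponly("0123456789abcdef"))
```

`has_httponly` is the useful half for a defender: run it over the Set-Cookie headers your application actually emits (or a captured response) and you have a one-line regression test that the session cookie never loses the attribute when a middleware is reordered or replaced.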

Re: Europe vs US car model conspiracy

September 11, 2007 by samuel

Yeah, though I think the Smart is available in the US: http://www.smartusa.com/ and http://www.smartcarofamerica.com/

Although, availability is limited and I'm not sure if we can get all the models.

"The newly designed 2008 Smart ForTwo automobile will be available in the United States in very limited numbers early next year.

Regrettably, sources at the parent company Smart GmbH advises that smart USA will only be receiving some 20,000 Smart cars for their entire dealership network for the 2008 model year.

So, regardless of the number of Smart cars reserved or orders received, the sales potential is very limited."

I want one! It's like a street legal go-kart!

Can't sleep, the clowns will eat me

September 11, 2007 by samuel

Ever noticed that LCDs seem to float in a pitch black room? Especially when you can't sleep.

Insomnia from xkcd, the greatest comic strip since butter on toast

Europe vs US car model conspiracy

September 11, 2007 by samuel

Why is it that the US always gets worse models of cars than Europe? Whenever the same car is being sold on both sides of the world the US always gets the crap end of the stick. It of course must be that different cars sell in different markets, but does that mean that US car buyers have poor taste or that there's just not enough competition here to drive the quality up?

The following picture doesn't have anything to do with anything you can hope to purchase, but it does show that a name means nothing. Here in the US the Focus is a joke, the European model of the Focus is a very respectable car, and the WRC version of the Focus... well, let us just leave it at that.

Europe vs US car model conspiracy

How to access jacklewis.net with Opera while still blocking ads

September 11, 2007 by samuel

Recently http://jacklewis.net/weblog/ banned Firefox users because of the possibility that they use the Adblock extension. I don't know what the blog/site is all about and don't really care; however, I find the whole thing very petty. The percentage of people who block ads is very small even in the ranks of Firefox users (ok, I have no hard data to back this up.. just a feeling), and allowing the people who DO block ads to view the site isn't hurting anything. But anyway, Firefox isn't the only browser out there. It's just as easy to block ads with Opera.

With Opera you can use "blocked content" to block certain hosts/URLs. This lets you stop the loading of ad scripts. The problem is that jacklewis.net has a small bit of JavaScript that verifies that the ads are actually there. How to get around this:

In site preferences:

  • Uncheck "Scripting / Enable JavaScript"
  • Uncheck "Network / Enable automatic redirection"

This may disable some extra functionality of the site. As I'm not an actual user of the site I can't say for sure. Another option that's slightly more work is to add a line to your User JS file:

window.opera.defineMagicFunction('dieAdBlockPlusDie', function () {});

These aren't ways to block the ads on the page; it's up to you to figure that out, but if you already are blocking the advertising (especially Google ads, since that's what it's checking) then you can use the above methods to disable the "adblock" check.

Poll: Is blocking of ads dishonest?

September 11, 2007 by samuel