mike watkins dot ca : March 2005 Archives

March 2005 Archives

8 entries filed this month:

March 29 2005

awstats exploit

Simple exploit may be sitting on your server… this apparently isn’t a new one but I don’t often review my web-logs manually anymore and just discovered quite by accident an exploit targeting the awstats log analyser, versions older than 6.2.


cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl ... 

Basically, anything between the pipe characters in “configdir=|some commands|” gets executed. Yes.

In this case they were pulling down from a Romanian server via wget a perl file made to look like a “session” file, containing an IRC server in perl, written by an Italian-speaking programmer it seems.

Moral of story, sign up to yet another list or discontinue use of as many third party packages as possible—I already do this, awstats slipped in under the wire. Upgraded and secured now. Check your versions and logs…
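As a way to act on “check your logs”, here is an added example (not part of the original post) that scans access-log lines for awstats.pl requests whose configdir value contains a pipe after percent-decoding. The log lines, addresses and function names are constructed for illustration, and the Apache common/combined log format is an assumption.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format (assumed): host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>.+?)(?: HTTP/[0-9.]+)?" (?P<status>\d{3})'
)

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%257C -> %7C -> |)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_configdir(target):
    """Return the decoded configdir value if it contains a pipe, else None."""
    path, _, query = target.partition("?")
    if not fully_unquote(path).lower().endswith("awstats.pl"):
        return None
    # Split on '&' before decoding so an encoded '&' stays inside its value.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if fully_unquote(name).lower() == "configdir":
            value = fully_unquote(value.replace("+", " "))
            if "|" in value:
                return value
    return None

def scan(lines):
    """Return (line number, client, HTTP status, decoded configdir) per hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        value = suspicious_configdir(m["target"]) if m else None
        if value is not None:
            hits.append((lineno, m["host"], int(m["status"]), value))
    return hits

# Constructed sample lines (documentation-range addresses, harmless payload text).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2005:04:12:01 -0800] "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Mar/2005:04:13:44 -0800] "GET /cgi-bin/awstats.pl?configdir=|echo%20;constructed-sample| HTTP/1.0" 200 312',
    '198.51.100.7 - - [29/Mar/2005:04:13:50 -0800] "GET /cgi-bin/awstats.pl?ConfigDir=%7Cecho%20;constructed-sample%7C HTTP/1.0" 404 208',
    '192.0.2.10 - - [29/Mar/2005:04:15:09 -0800] "GET /cgi-bin/awstats.pl?configdir=/etc/awstats HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means awstats.pl answered the request, so the installed version is the first thing to check.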

March 18 2005

Policy Convention, First Blow

The first (not unexpected) challenge to the basic principles agreed to in the merger between the PC Party and Alliance Party has come out of the working groups at the Conservative Party policy convention.

Under the merger agreement, delegates to national meetings would be allocated on an equal basis per riding, regardless of any factor (membership, riding size, population, etc). This is a policy with a long history in the finest of PC Party tradition – equal representation to all areas of the country. It’s a stand I fully support.

Scott Reid, MP and long time Harper supporter, lent his support and helped drive a motion restricting delegates:

  • Maximum of 10 per riding for ridings > 100 members
  • Maximum of 1 per every 10 members for ridings with < 100 members

During the merger negotiations, MacKay insisted on the equality clause for the ridings and it was one of the potential “deal-breakers” during the merger talks. “It goes completely against the agreement in principle, so quite frankly I’m disappointed that somebody [Reid] who was so involved in the actual process and knows how adamant a feeling there was that we needed to have equal representation in all of the ridings would do this,” MacKay told reporters.

The motion was passed by those present in the working group; it now moves to the plenary for a vote by the full assembly on Saturday where all such motions must pass by a so-called “double majority” – a majority of delegates present and a majority of provinces represented.

The motion must be defeated. I wish I was there to help this weekend.

March 17 2005

1111111111

Only geeks need peek, others just move along, there’s nothing to see here. Noted on /.

Break out your party hats. According to http://www.onlineconversion.com/unix_time.htm, Unix time is supposed to reach 1111111111 on Fri, 18 Mar 2005 01:58:31 GMT.


>>> import datetime
>>> datetime.datetime.utcfromtimestamp(1111111111)
datetime.datetime(2005, 3, 18, 1, 58, 31)




Yup.

March 14 2005

Butler

Mark Pilgrim released Butler, a ‘user script’ designed to run under the Mozilla Firefox Greasemonkey extension. Among other things, Butler strips ads from Google search results. I suspect we’ll be seeing many more Greasemonkey scripts – terrific idea – giving us all a little more control from web/media gone wild.

It’d be nice if the script could be modified to allow a single edit for the top-level domain Google is using – here Google always defaults to google.ca even if I initially visit google.com. In the interim, I hacked the script for my purposes: butler_ca.user.js

March 08 2005

Parlez

Since Andy Gross is naming his yet-to-be blog application I thought I’d join in and publish the name of the blog / cms project I’m working on… Parlez. I grabbed the name not seeing anything similar, at least not in Python-land, three years ago. Parlez seemed a natural fit for communication with an international theme – the app was originally designed from the ground up to support multiple languages.

An older version of the code is running a commercial site and for a goodly amount of time ran the web presence for a major political party. Embarrassed by the old code, and frustrated by its many deficiencies, I have been rewriting it and will sooner than later make the code available. It’s written in Python naturally, and relies on Quixote, Dulcinea and Durus, and a set of components I’ve factored out of the cms/blog application into its own support library I call Sous (under, in English) to keep the French language theme going.

March 05 2005

Readable 50 Year Languages

Dethe Elza lists language attributes and origination for some future programming language in 50 Year Language – I’d like to add to his list the simple but critical:

  • Readability, from which
  • Understandability, and
  • Teachability (self or otherwise) lead to
  • Maintainability

Readability and the consistency auto-imposed by the language are Python’s best attributes, and are not shared by many of the other languages in Dethe’s list. I hope any future uberlanguage, the one language to rule them all, doesn’t hurt my eyes and mind when I have to read it…

March 04 2005

AJAX with an S

Check this out… another in a steady stream of XMLHTTPRequest object / Javascript solutions, I smell Python versions coming soon…

http://www.modernmethod.com/sajax/index.phtml

March 03 2005

Listen Up

Snippet from the US Senate today, “to our Canadian friends, listen up; get your act together; follow NAFTA…” – this on the subject of continuing a ban on Canadian cattle due to Mad Cow Disease.

Too funny.

Funny first because the US meat inspection system is abominable[1][2]. The only reason more mad-cow is not found in the US is because of the poor quality of the system there, and because of the powerful ranching lobby—it’s most certainly not because there are fewer BSE infected cattle south of the 49th parallel.

There’s a reason I’m a vegetarian, well, actually many reasons. BSE is simply one of them.

Side note: One Canadian entrepreneur built a meat processing facility equipped with its own BSE testing lab on-premises – the first, and only of its kind in Canada – perhaps unique or certainly rare even across all the US. Problem? Canadian government will not allow the facility to operate, acting under pressure from the ranching and meat processing lobby (this is a trans-border lobby on the processing side, dominated by US corporations in both countries including Cargill).

Crazy, no?

The Senator’s comments are funny second because the US has been held in contravention of NAFTA and other international trade agreements time and time again. Softwood Lumber happens to be a local example here people of this area are very familiar with – despite ruling after ruling declaring illegal the punitive tariffs imposed by the US on Canadian softwood lumber, the US still has not eliminated these illegal tariffs nor returned the billions of dollars collected illegally.

It’s humorous to hear a US Senator chide any other nation for their trade record, let alone Canada which has won its case under international trade law far more often than not.

What you don’t know can hurt you. Between 1989 and 1992, the U.S. Dept. of Agriculture detected 21,439 pesticide-residue violations. The feds prosecuted only one of those cases. Also, of the 50 million pounds of antibiotics used in the U.S. every year, half is pumped into livestock.[1]

In the Milwaukee case, one of the nation’s largest, most modern meatpacking plants – Excel Corp.’s Fort Morgan, Colo., facility – was cited 26 times over a 10-month period.[2]

[1] How Now, Toxic Cow?

[2] An Outbreak Waiting to Happen