“CC Yourself” and Spam

Every good web programmer will note that the following contact form markup is probably flawed

<form>
...
    <input type="hidden" name="to" value="support@example.com" />
...
</form>

as it is likely that, if the value of the “to” field is changed, the message will be sent to the modified address. The problem with this kind of functionality is that it lets a malicious user send email through your mail server to any address they choose. More specifically, it lets spammers use your benign server to send their spam (and as a side effect you may find yourself flagged as a spammer).

As this case is pretty obvious, one doesn’t see many real-life instances of it anymore (though careless programmers used it more often in the past, until they learned better). However, one can achieve similar goals (spam-wise) by exploiting a common feature of contact forms: the “CC yourself” checkbox.
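Here is the handler side of such a form, as an added example (not code from the original post): the flawed version trusts the client’s “to” field and copies the message to whatever address the submitter typed, while the hardened version fixes the recipient on the server and turns the “CC yourself” copy into a fixed acknowledgment that carries none of the submitter’s text. The support address is the one in the markup above; the validation regex, the acknowledgment wording and the Reply-To handling are this example’s own assumptions.

```python
"""Contact-form mail handling: the flawed pattern next to a hardened one.

Added example, not code from the original post. It models the handler behind
a contact form with a fixed support address taken from the page's markup; the
validation and the separate acknowledgment mail are this example's own choices.
"""
from email.message import EmailMessage
import re

SUPPORT_ADDRESS = "support@example.com"   # the value of the hidden 'to' field

# Good enough to reject garbage and header-injection attempts (no whitespace,
# exactly one '@'); real deployments should still confirm the address.
_ADDRESS_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def build_mail_flawed(form):
    """The pattern the page warns about: the recipient comes from the request.

    Anyone who edits the hidden 'to' input, or types a victim's address into
    'email' and ticks 'cc_me', makes the server deliver their text wherever
    they like, so the site becomes a relay for spam."""
    msg = EmailMessage()
    msg["To"] = form["to"]                      # attacker-controlled
    msg["Subject"] = form.get("subject", "Contact form")
    if form.get("cc_me"):
        msg["Cc"] = form["email"]               # also attacker-controlled
    msg.set_content(form["message"])
    return msg


def build_mail_hardened(form):
    """Return the mails to send: the support mail, plus an acknowledgment
    to the submitter when requested.

    The recipient is fixed server-side and the 'to' field is ignored. The
    'CC yourself' copy never carries the submitter's text: it is a fixed
    acknowledgment, so the form cannot push arbitrary content to an
    arbitrary address. The submitter's address is only used as Reply-To."""
    sender = form.get("email", "").strip()
    valid_sender = _ADDRESS_RE.fullmatch(sender) is not None

    support = EmailMessage()
    support["To"] = SUPPORT_ADDRESS
    support["Subject"] = "Contact form submission"
    if valid_sender:
        support["Reply-To"] = sender
    support.set_content(form.get("message", ""))
    mails = [support]

    if form.get("cc_me") and valid_sender:
        ack = EmailMessage()
        ack["To"] = sender
        ack["Subject"] = "We received your message"
        ack.set_content(
            "Thanks, your message to our support team has been received.\n"
            "If you did not submit the form, please ignore this mail."
        )
        mails.append(ack)
    return mails


if __name__ == "__main__":
    # Constructed attacker submission: the hidden field and the CC address
    # both point at a third party, the body is the spam payload.
    attacker_form = {
        "to": "victim@example.net",
        "email": "victim@example.net",
        "cc_me": "on",
        "message": "BUY NOW http://spam.example/",
    }
    flawed = build_mail_flawed(attacker_form)
    print("flawed handler sends to:", flawed["To"], "cc:", flawed["Cc"])
    for m in build_mail_hardened(attacker_form):
        print("hardened handler sends to:", m["To"],
              "body:", m.get_content().strip()[:40])
```

Note that the hardened handler still sends one mail to an address the submitter typed; what it removes is the attacker’s control over that mail’s content. Rate limiting and a CAPTCHA remain sensible additions on top of it.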


Overlooking the Simple Solution

A few days ago I decided to start logging my rowing sessions. I disliked the idea of keeping the log on paper, so I looked into a computerized solution. I ruled out Concept2’s online logbook, because I wanted something private that wouldn’t require me to register on yet another website (and sometimes internet access at my rowing club is broken). Soon I decided to manage the log using TiddlyWiki, a client-side HTML+JS wiki I wrote about in the past. It has some nice features:
1. It fits in a single self-contained file that is perfect to put on a USB stick.
2. It has built-in search features.
3. It allows great flexibility in how to log my sessions – no predefined format that I would have to struggle to fit my sessions into.

The TiddlyWiki solution seemed great, and I started using it. But, as the title says, I had simply overlooked a much simpler, yet just as powerful, solution: a plain text file. Porting my rowing log to a simple, old-fashioned text file gave me all the relevant features of TiddlyWiki, such as search, flexibility and working from a USB stick, while using less space and being editable with a basic text editor (or the powerful vim). Using reStructuredText, I got a nice, readable journal that can later be processed into even nicer-looking HTML files.

We all want to believe that we know how to match the right tool to a task. But maybe, because we tend to adopt newer technologies and utilities all the time (for a lot of tasks they really do provide better tools), we end up overlooking simpler, “old-fashioned” solutions. If I take a moment now to look around, I can come up with several other places where new stuff is used instead of simpler solutions. Take a look around you, and I’m sure you will find some too.

Fixing Numbering Direction for Hebrew Text in LyX

On Monday I submitted a patch to the LyX developers mailing list that fixes the numbering direction in Hebrew text: in Hebrew text the dot appeared before the number instead of after it, as it should.
It has behaved this way for years (at least as long as I can remember).

Start Trac on Startup – Init.d Script for tracd

As part of a server move, I went on to reinstall Trac. I tried to install it as FastCGI but failed to configure clean URLs properly: the clean URLs worked when a user accessed them directly, but Trac insisted on adding trac.fcgi to the beginning of every link it generated. So I decided to use the Trac standalone server, tracd.

The next problem I faced was how to start Trac automatically on boot. The solution was an init.d script for starting Trac. After some searching, I didn’t find an init.d script for tracd that was satisfactory (most were poorly written), so I went ahead and wrote my own.

Pull vs. Push MVC Architecture

I intended to write this post a couple of months ago, when I was working on a pull-based MVC framework for some site. Most web developers are acquainted with the MVC architecture, and almost all the major web frameworks use this concept, including Ruby on Rails, CakePHP, Django, Symfony and others. So what is MVC, and what’s the difference between pull and push?

Samba and Firewall Configuration

I’ve been using Guarddog as a GUI for iptables for some time. I configured it to allow connections to Samba network shares, but for some reason it wouldn’t let me connect to the shares without disabling the firewall first. The blockage happened despite the proper configuration in Guarddog. So today I decided to look at the problem again and fix it.

After inspecting the output of ‘dmesg’ I found out that the client tries to reach 192.168.2.255 (192.168.2.* is my network), which is the broadcast address of the network. I tried allowing traffic to that address and, to my surprise, this fixed the problem. I guess Samba requires access to the broadcast address for some name/address lookup of hosts on the network (NetBIOS name resolution is indeed done by broadcasting name queries to the subnet on UDP port 137, with browse-list datagrams on UDP 138, so a rule set that only permits unicast traffic to the server blocks it).
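To see which dropped packets are really broadcasts, rather than inferring it from a single dmesg line, here is an added example (not from the original post) that parses netfilter LOG output, flags drops aimed at the subnet’s broadcast address, and prints an allow rule narrower than opening all traffic to that address. The log lines are constructed, the subnet is the one named in the post, and the mapping of UDP 137/138 to the NetBIOS name and datagram services is standard; the limited broadcast 255.255.255.255 is also checked, which goes beyond the single case in the text.

```python
"""Find firewall drops aimed at the local broadcast address in kernel log output.

Added example, not from the original post. It parses the KEY=VALUE fields the
netfilter LOG target writes (the lines 'dmesg' shows) and flags packets whose
destination is the broadcast address of the given subnet, or the limited
broadcast 255.255.255.255, which is what a Samba client's NetBIOS traffic
looks like when a firewall blocks it.
"""
import ipaddress
import re

# Constructed sample lines in netfilter LOG format (not real captured output):
# outbound drops from a client at 192.168.2.3 on the 192.168.2.0/24 network.
SAMPLE_DMESG = """\
[ 4211.120001] DROP IN= OUT=eth0 SRC=192.168.2.3 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
[ 4211.530002] DROP IN= OUT=eth0 SRC=192.168.2.3 DST=192.168.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=51234 DPT=445 WINDOW=29200 RES=0x00 SYN URGP=0
[ 4212.000003] DROP IN= OUT=eth0 SRC=192.168.2.3 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
[ 4212.500004] usb 1-1: new high-speed USB device number 2 using ehci_hcd
[ 4213.000005] DROP IN= OUT=eth0 SRC=192.168.2.3 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Well-known NetBIOS ports; other ports map to an empty service name.
NETBIOS_PORTS = {"137": "netbios-ns", "138": "netbios-dgm"}


def parse_netfilter_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG line as a dict.

    Ordinary kernel messages (no SRC/DST fields) return None. LEN appears
    twice (IP and transport header); the last occurrence wins, which is fine
    because this tool only uses addresses, protocol and ports."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields


def broadcast_drops(log_text, network):
    """List (src, dst, proto, dpt, service) for every logged packet whose
    destination is the subnet's directed broadcast or 255.255.255.255."""
    net = ipaddress.ip_network(network, strict=False)
    targets = {net.broadcast_address, ipaddress.ip_address("255.255.255.255")}
    hits = []
    for line in log_text.splitlines():
        fields = parse_netfilter_line(line)
        if fields is None:
            continue
        try:
            dst = ipaddress.ip_address(fields["DST"])
        except ValueError:
            continue          # malformed or truncated line, skip it
        if dst in targets:
            dpt = fields.get("DPT", "")
            hits.append((fields["SRC"], fields["DST"], fields.get("PROTO", "?"),
                         dpt, NETBIOS_PORTS.get(dpt, "")))
    return hits


def suggested_rule(network):
    """A narrower fix than allowing everything to the broadcast address:
    permit only NetBIOS name-service and datagram traffic (UDP 137-138)."""
    bcast = ipaddress.ip_network(network, strict=False).broadcast_address
    return f"iptables -A OUTPUT -p udp -d {bcast} --dport 137:138 -j ACCEPT"


if __name__ == "__main__":
    for hit in broadcast_drops(SAMPLE_DMESG, "192.168.2.0/24"):
        print("dropped broadcast:", hit)
    print("suggested rule:", suggested_rule("192.168.2.0/24"))
```

On a live system, feed it `dmesg` output and the interface’s own network (`ip -4 addr` gives the prefix); the unicast TCP/445 drop in the sample is deliberately left out of the result, since that is a different rule.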