Archive for August 2006

Django on GoogleVideo

A rather long (more than 1h) video of Jacob Kaplan-Moss’ presentation on Django at Google.

Pimping A Scanner Darkly

An excellent movie. I really should read something by Philip K. Dick I guess. YouTube has a piece with an interview of Philip K. Dick:

Some stuff (30/08/2006)

I enjoyed reading this article on how an XSS attack works. I’ve always just done the alert("Game over!") XSS, which isn’t really an attack at all, just a proof that there’s a possibility for an attack.

That trusted computing is bad for consumers is something I’ve known for a while, but apparently TC is bad for security as well. Every security measure has its side effects; I’m not convinced this one is unintended though.

Here’s a prime example of just how bad laws like DMCA can be. If this holds up we basically allow the law to force us backwards in time. (I just have to sneak in Cory’s excellent write-up on Europe’s broadcasting flag here.)

Network neutrality is a complicated subject. Ed Felten has done a lot lately to clarify things for me with his Nuts and Bolts of Network Neutrality. I still have to find the time to look through his blog a bit more carefully.

Why is this such big news? An update for Ubuntu broke X. Boohoo! I bet most people complaining don’t have a shadow of a leg to stand on in this. They don’t pay, they don’t contribute, they only bitch in the forums/mailing lists/blogs/etc. It only took 8 hours to fix!

Just in case the UK government wants a good reason to not introduce bloody ID cards and national databases to keep records of everything everyone does—here it is!

Looking to replace M$ Office? Here are a few MS Office killers.

I wouldn’t mind having my desktop look like this!

I’ve actually wondered how to uniquify a list in Python for a long time. ;-)

Python is moving up, or maybe it’s down, I don’t know.

Want to learn Python and PyGTK? This blog on learning Python seems like a good place to get inspired.

LUKS on GNOME

Erik, it just works for me. I have LUKS on a partition on a USB stick. When inserted I get a dialogue box asking for the LUKS password. I had to configure hal a little to give the desktop icon a good name:

<device>
  <match key="volume.uuid" string="d23647f8-22be-4a8c-86f8-8f59975e9e61">
    <merge key="volume.label" type="string">StickSecret</merge>
  </match>
</device>

Rolling your own authentication in Django

For various reasons I wanted to see just what was required to roll my own basic authentication using Django. I am aware there’s a built-in authentication module, django.contrib.auth, but it’s overkill for my ultimate goal and it depends on the session module in ways that only further study can reveal. I heard rumours that the authentication module would be pluggable. The only pluggable aspect of it that I found was the backend (i.e. the data model).

In the end the most relevant reason for doing this was that I wanted to :-)

So, what’s involved in it? It turns out, not much!

First I created a middleware class that extracts the authentication credentials (read: username and password) from the request’s Authorization header and sticks a ‘user object’ in the request depending on just how successfully it does this:

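from base64 import b64decode
from models import User, AnonUser, BadUser

class MiniAuthMiddleWare(object):
    def process_request(self, request):
        # Look for the Authorization header under both keys.
        auth = request.META.get('Authorization', '') or \
                request.META.get('HTTP_AUTHORIZATION', '')
        if not auth:
            # No credentials supplied at all.
            request.user = AnonUser()
            return

        try:
            # Skip the 'Basic ' prefix and split only once, since the
            # password itself may contain ':'.
            name, pwd = b64decode(auth[6:]).decode('utf-8').split(':', 1)
            u = User.objects.get(name=name)
            # Plain comparison against the stored passwd field.
            if pwd != u.passwd:
                request.user = BadUser()
                return
            request.user = u
            return
        except User.DoesNotExist:
            request.user = BadUser()
        except (AssertionError, TypeError, ValueError):
            # Malformed base64 or a payload without ':'.
            request.user = BadUser()

        return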

The model related to this is rather minimal:

from django.db import models

class User(models.Model):
    name = models.CharField(maxlength=50, primary_key=True)
    passwd = models.CharField(maxlength=50)

    def is_authenticated(self):
        return True

class AnonUser:
    name = 'Anonymous'
    passwd = 'NoPass'

    def is_authenticated(self):
        return False

class BadUser:
    name = 'BadUser'
    passwd = 'NoPass'

    def is_authenticated(self):
        return False

Then I decorated the functions/urls that required authentication with the following:

from django.http import HttpResponse

def _RequireAuthorization(func):
    def _wrapper(request):
        if not request.user.is_authenticated():
            # Challenge the client to (re)send Basic credentials.
            response = HttpResponse()
            response.status_code = 401
            response['WWW-Authenticate'] = 'Basic Realm="Silly Realm"'
            return response
        else:
            return func(request)
    return _wrapper

That all seems to work just fine :-)
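
A hardened variant of the credential check in the middleware above, as an added example that is not part of the original post: it parses the header defensively, verifies against a salted PBKDF2 hash instead of a plaintext passwd field, and compares in constant time. The names hash_password, parse_basic_header, authenticate, the iteration count and the sample user are assumptions, and a plain dict stands in for the User model.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def parse_basic_header(header):
    """Return (name, password) from an Authorization header, or None if malformed."""
    scheme, _, payload = header.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    name, sep, password = decoded.partition(":")  # password may contain ':'
    return (name, password) if sep else None


def authenticate(header, users):
    """Classify a request as 'anon', 'bad' or 'ok' (cf. AnonUser/BadUser/User)."""
    if not header:
        return "anon"
    creds = parse_basic_header(header)
    if creds is None:
        return "bad"
    name, password = creds
    # Hash even for unknown names so both failure paths do the same work.
    salt, stored = users.get(name, (b"\x00" * 16, b""))
    _, candidate = hash_password(password, salt)
    return "ok" if hmac.compare_digest(candidate, stored) else "bad"


# Constructed sample data: one user whose password contains colons.
USERS = {"alice": hash_password("s3cret:with:colons")}
GOOD = "Basic " + base64.b64encode(b"alice:s3cret:with:colons").decode("ascii")
```

Basic authentication sends the password with every request in reversible base64, so a check like this only makes sense over HTTPS.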

Politicians are funny

They keep on saying that censorship is bad, at the same time they want to introduce it in Europe. Brilliant!

Recent comments on terrorism…

It seems we are all taking part in helping the terrorists achieve their goal. Bruce Schneier’s saying it, here’s a post from a while back saying the same thing.

At the same time politicians seem to be involved in more security theatre (look here for an explanation of security theatre). The police are busy showing us that they really need 90 days detention without charge. I wonder if we’ll ever see some intelligence at the top.

Funny stuff (24/08/2006)

Luckily for Dr. Evil he asked for sharks, the poor US Navy will soon be carrying out tests on “frickin’ goldfish with frickin’ lasers attached to their frickin’ heads”.

This site contains quite a few facts about Chuck Norris. Here are some facts about our crypto-hero Bruce Schneier. (The last site also has a very nice t-shirt with our homeboy, Knuth.) Of course the world wouldn’t be right without a site with facts about Mr. T.

Django on Debian

Brett Parker’s been packaging django for Debian and making it available to the world. The latest update was just 2 weeks ago. Unfortunately the packages seem to have been made before the very recent move to Python 2.4 in Debian Sid, so they aren’t installable without downgrading :(

Django seems cool

I’ve spent a few hours tonight playing with django. I have a small project in mind and at first I thought I’d just go for cherrypy since I’ve played with that before. After hearing Guido’s praise for django on FLOSS weekly I decided to take a look at it.

At first I was overwhelmed. Then I was confused. Then I was impressed. I’ve decided to play a bit more and it looks like I’ll end up using it.