Rails 1.1.5 Released: Fixes Top Secret Security Flaw

Posted by Corban Brook Wed, 09 Aug 2006 19:44:56 GMT

“This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.

The issue is in fact of such a criticality that we’re not going to dig into the specifics. No need to arm would-be assailants.”

I’m guessing it is an SQL injection hole allowing someone to remotely blow away your entire database. Rails has been pretty good so far in regards to SQL injection, so it’s about time something was found.

For the lazy ones among us, let’s just hope the hole remains top secret… at least until after I get back from vacation.

I quickly upgraded 3 servers to 1.1.5 in about 10 mins. For those of you who upgraded to typo-4.0 a couple of weeks ago, make sure to freeze rails to the new version (it will have frozen you to 1.1.4 in /vendor):

rake rails:freeze:gems


Cyberduck and Finder and Lots of Stuff

Posted by Maciek Mon, 31 Jul 2006 19:01:06 GMT

Ever tried to drag like 5000+ files from Cyberduck to a Finder folder? Do it at your own risk. I am always amazed that we still have so many programs that lock up when you increase N from 50 to 5000.

/rant


Schadenfreude Upgraded to Typo 4.0

Posted by Corban Brook Mon, 31 Jul 2006 18:27:55 GMT

Today I upgraded schadenfreude to typo-4.0.

The upgrade was not without a few snags but everything seems to be running fine now.


How To Manage Sound Effects in OS X Mail with Multiple Accounts and Mailing Lists

Posted by Maciek Mon, 31 Jul 2006 15:46:00 GMT

I have several mail accounts set up on my MacBook Pro’s Mail.app, which has over the last several months become my favourite mail application (I switched from Thunderbird on Windows). Like many people, I find the sound effect of arriving mail to be useful when I’m not at my computer or looking directly at the dock to see when mail has arrived. For better or worse, I’ve come to rely on the sound alert.

This became a problem when I recently re-subscribed to the extremely useful XSL List (a mailing list that discusses all issues pertaining to XSL, featuring some of your favourite XML “scene heavyweights” like Michael Kay, amongst others). This is a busy list, so naturally Mail.app’s convenient mail alert sound effect quickly became a huge irritation.

I found a handy solution for this, however..


Mongrel 0.3.13.4 Pre-Release

Posted by Corban Brook Sun, 30 Jul 2006 16:55:00 GMT

Mongrel 0.3.13.4 Pre-Release is out and now it supports an option for prefixing your rails applications into sub directories.

“A new --prefix command line option for people who want to mount their rails app at a different base URI.”

This means you can now run rails applications from within a sub directory off the webroot easily and without broken paths.

Note: I have tested this with a collaboa install in a sub dir, like: http://www.domain.com/collaboa and it works without a hitch.


SmackBook!

Posted by Corban Brook Sun, 28 May 2006 16:13:00 GMT

Many of you have seen the video of Erling Ellingsen’s SmackBook. It makes use of the SMS to control Desktop Manager’s virtual desktop switching by hitting the MacBook on the left or right.

Below is everything you need to get this working on your MacBook Pro.


How to fix your MacBook Pro's audio in Boot Camp

Posted by Corban Brook Tue, 02 May 2006 18:05:00 GMT

Problem: Mac audio drivers do not support routing between internal speakers and the line out. Sound is instead sent to both outputs simultaneously.


Google AJAXSLT 0.2 Notes and Patches

Posted by Maciek Thu, 18 Aug 2005 03:32:00 GMT

Lately I’ve been working on a tutorial about Google AJAXSLT, which is Steffen Meschkat’s promising cross-browser AJAX / XSLT API. It provides a basic DOM implementation, and an XSLT 1.0 processor. A neatly-separated XPath implementation not only powers XSLT’s xsl:select, but can also be used to query documents outside of XSLT, for use with DOM. All of this is written in pure Javascript (!), which means that all your browser needs to use it is a working Javascript implementation.

While the project name has the word “AJAX” in it, there aren’t, strictly speaking, any actual AJAX functions included in the API. What you get is a toolkit that provides what much of the AJAX stuff out there doesn’t provide—a powerful, standards-aware way of generating, accessing, and rendering the XML that your AJAX queries work with. Even at this stage, I’ve been able to drop in a few formerly server-side XSLT stylesheets without modification for use with AJAX output.

The major drawback with Google AJAXSLT at this stage (version 0.2 at time of writing) is that the API is very much in beta, and there are some rough edges. Until Steffen decides to release 0.3, some of us are already itching to play with this thing on a daily basis! What follow are some patches that I’ve been applying to the API to deal with existing issues.


PHP5 XML Problems & Solutions

Posted by Maciek Wed, 17 Aug 2005 03:37:00 GMT

PHP5 DOM can be tricky at first and hard to remember every time. I always find myself digging around for code I wrote in the past to accomplish a particular trick that I know I can do in theory, if I could just remember how..

Some collected problems and solutions follow in no particular order. This is an evolving document, and I will add solutions to problems as I or my friends come across them. If you have any cool tricks or solutions, please leave a comment and let me know. For the example code, you will require at least PHP5 with the latest libxml2 (minimum) installed.


A Tour of Javascript, Part 1

Posted by Maciek Thu, 11 Aug 2005 20:01:00 GMT

Here’s a quick tour of some interesting things about javascript for casual programmers, with focus on usage in browsers. Javascript is seeing a bit of a revival lately as many programmers who have to use it in their day jobs gradually discover that it is a very interesting language.
