
Sunday, November 04 2001

Movable Thoughts #5-8

5) it appears that CGI parameters aren't being untainted anywhere, at all -- the reality is that this may not actually be an issue in an MT context, but it is disconcerting all the same

6) the $CGI::POST_MAX variable is not set for file uploads which means that a cgiwrap-less Movable Type can, potentially, be used as a DoS tool -- to be clear, this problem exists for any and all CGI (wrap-less) scripts; it's just that MT does it out of the box

7) MT is hard-coded to prevent you from updating an already uploaded file

8) there isn't much in the way of validation for email addresses and URIs in the comments form.

Now, lest you think I'm just being an asshole and picking on people who've generously donated their time and code to the general public, I assure you that I wouldn't have spent as much time as I have on MT if I didn't think it was an otherwise excellent piece of work. But some of these bugs are the kind of thing that no amount of feeping creaturitis or ease of use should ever trump. You can dress it up in a pretty package and try to make it "simple" for "average" users to set up but, and this is not directed at the clever people who've written MT, it doesn't change the simple fact that this computer stuff is hard and complicated and fraught with pitfalls. Where possible I have sent the developers possible fixes, or workarounds. Whether they care to listen to anything I have to say after everything that's been said to date remains to be seen...
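An added example, not from the original post and not Movable Type's own code, showing what points 5, 6 and 8 look like when handled in a CGI.pm script: a request-size cap set before parsing, taint mode, and pattern-based untainting of comment fields. The 1 MB limit, the `email` and `url` field names and the `untaint` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# -T turns on taint mode: every CGI parameter is tainted until it has
# been extracted through a regex capture.
use strict;
use warnings;
use CGI ();

# Cap the request body BEFORE CGI.pm parses it (point 6). The 1 MB value
# is assumed; size it to the largest upload the script should accept.
$CGI::POST_MAX = 1024 * 1024;

my $q = CGI->new;

# When the body exceeds POST_MAX, CGI.pm discards it and records an error
# string beginning with "413"; pass that back as the HTTP status.
if (my $err = $q->cgi_error) {
    print $q->header(-status => $err, -type => 'text/plain'),
          "Request rejected: $err\n";
    exit 0;
}

# Hypothetical helper (point 5): return only what a strict, anchored
# pattern captures, or undef. The capture in $1 is what clears the taint.
sub untaint {
    my ($value, $pattern) = @_;
    return unless defined $value;
    return $value =~ $pattern ? $1 : undef;
}

# Point 8: deliberately narrow shapes for the comment form fields.
# Field names are assumed, not taken from MT.
my $email = untaint(scalar $q->param('email'),
    qr/\A([\w.+-]{1,64}\@[A-Za-z0-9.-]{1,253})\z/);
my $url = untaint(scalar $q->param('url'),
    qr{\A(https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[\w./~%-]*)?)\z});

# text/plain so the echoed values are never interpreted as markup.
print $q->header(-type => 'text/plain');
print defined $email ? "email ok: $email\n" : "email missing or rejected\n";
print defined $url   ? "url ok: $url\n"     : "url missing or rejected\n";
```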


Graham Klyne : "I've found it easier to use Notation 3 [1] to create arbitrary RDF content in a text editor, then use cwm [2] to convert it to RDF/XML. For example, my current WebWho profile source is at [3], which generates the RDF/XML [4]."

see also : RDF::Notation3.pm


The dict-ified dictionary.com word of the day is troglodyte

| source : web1913 |
Troglodyte \Trog"lo*dyte\, n. [L. troglodytae, pl., Gr. ? one who creeps into holes; ? a hole, cavern (fr. ? to gnaw) + ? enter: cf. F. troglodyte.]
1. (Ethnol.) One of any savage race that dwells in caves, instead of constructing dwellings; a cave dweller. Most of the primitive races of man were troglodytes. In the troglodytes' country there is a lake, for the hurtful water it beareth called the ``mad lake.'' --Holland.
2. (Zo["o]l.) An anthropoid ape, as the chimpanzee.
3. (Zo["o]l.) The wren.

| source : wn |
troglodyte n
1: one who lives in solitude [syn: {hermit}, {recluse}]
2: someone who dwells in a cave [syn: {caveman}, {cave man}, {cave dweller}]

| source : jargon |
troglodyte n. [Commodore]
1. A hacker who never leaves his cubicle. The term `gnoll' (from Dungeons & Dragons) is also reported.
2. A curmudgeon attached to an obsolescent computing environment. The combination `ITS troglodyte' was flung around some during the Usenet and email wringle-wrangle attending the 2.x.x revision of the Jargon File; at least one of the people it was intended to describe adopted it with pride.

| source : foldoc |
troglodyte <jargon> (Commodore)
1. A hacker who never leaves his cubicle. The term "Gnoll" (from Dungeons & Dragons) is also reported.
2. A curmudgeon attached to an obsolescent computing environment. The combination "ITS troglodyte" was flung around some during the {Usenet} and {e-mail} wringle-wrangle attending the 2.x.x revision of the {Jargon File}; at least one of the people it was intended to describe adopted it with pride. [{Jargon File}] (1995-01-11)

| source : devils |
TROGLODYTE, n. Specifically, a cave-dweller of the paleolithic period, after the Tree and before the Flat. A famous community of troglodytes dwelt with David in the Cave of Adullam. The colony consisted of "every one that was in distress, and every one that was in debt, and every one that was discontented" -- in brief, all the Socialists of Judah.
