teenage mutant ninja hero coders

The vCard support in Mac OS X is totally broken. Address Book generates invalid vCards and can not import valid vCards. Even when it can import a vCard, is usually can’t decode a Image which might be encoded in the vCard.

If you want to generate a vCard with a Photo which can be decoded by the Apple Tools you have to ruin a valid pice of vCard data like this:

card = string_with_a_valid_vcard
filename = "some-photo.jpeg"
if File.exist? filename then
  photodata = [File.open(filename).read].pack('m').to_s
  photodata = photodata.gsub(/[ \n]/, '').scan(/.{1,76}/).join("\n  ")
  card.sub!('END:VCARD', "PHOTO;BASE64:\n  " + photodata + "\nEND:VCARD")
end
return card

gnarf

Posted in c0re, make what_i_want --force --really-hard | 1 Comment »

Some patches for Niels Provos’
crawl – “a small and efficient HTTP crawler”crawl – a small and efficient HTTP crawler.

* crawl-0.4-log-headers.patch makes crawl log all http headers seen to a file named “headers.log”.

* crawl-0.4-doc.patch makes crawl download MS-Office documentes. It’s also a nice example on how to extend crawl to download different filetypes than images.

One nasty problem with crawl is, that it’s file-storage format doesn’t scale well: The one directory per URL component has a tendency to bug down filesystems and makes further processing of the datasets somewhat inconvenient.

Posted in c0re, make what_i_want --force --really-hard | No Comments »

This patch for Niels Provos’ Webcrawler allows to download MS Office documents en masse instead of Images as intended bei Niels.

Posted in c0re, make what_i_want --force --really-hard | No Comments »

I was wondering for a long time why so few Web Applications use HTTP-Authenitcation. OK, I understand webdesigners want more control over the password input Layout and and I see the issues with “logging out” when using HTTP-Authentication but for many applications these both are not an issue. And password management in browsers for HTTP-Authentication is usually so much better. At least for me using Safari which uses Keychain for password management.

Today I tried to implement HTTP-Authentication in Webware and found out the hard way why so little Web Applications support HTTP-Authentication. The Apache Webserver deliberately tries to bar CGIs and the like from implementing HTTP-Authentication. The reasoning is that “user supplied” scripts might steal authentication credentials when the “system” is doing the authentication. Might be. But many apache deployments have no user supplied scripts at all – everything is controlled by the same entity so there is no reason not to thrust scripts with the authentication information.

You can change this behavior by setting SECURITY_HOLE_PASS_AUTHORIZATION when compiling apache.

If you can’t recompile apache you can work arround the problem by using mod_rewrite to add the missing information to the environment. For Example using Webware’s mod_webkit something like this should do:

  WKServer localhost 8086
  SetHandler webkit-handler
  RewriteEngine On
  RewriteRule /WK(.*) - [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},PT]

But the rewrite Rule should also work with CGIs and other modules.

If you are a apache module author you should make sure you pass the Authorization to your scripting code. ap_add_common_vars(r) and ap_add_cgi_vars(r); refuse to do. So you must retrieve the Authorization header via ap_table_get(r->headers_in, "Authorization") and pass it on.

I have created a patch for Webware 0.8.1 which implements this.

On the Application server site code would look like this:

import base64
def authorized(self):
  httpAuth = self.request().environ().get('HTTP_AUTHORIZATION', \
    self.request().environ().get('X-HTTP_AUTHORIZATION'))
  if not httpAuth: return 0
  authType, auth = httpAuth.split(' ', 1)
  assert authType.lower() == 'basic', 'Only basic HTTP authentication'
  name, password = base64.decodestring(auth.strip()).split(':', 1)
  return self.authorizeUser(name, password)

[code based on Ian Bicking's]

When apache is recompiled HTTP_AUTHORIZATION is supplied. If you use the mod_rewrite or mod_webkit approach X-HTTP_AUTHORIZATION is used since apache doesn't allow it's internel variabled to be redefined.

For an overview of HTTP-Authentification with Webware and and different approach in solving the problem see the Webware Wiki.

Posted in c0re, make what_i_want --force --really-hard | No Comments »

To compile Webware’s WebKit wkcgi-Adapter on MacOS X 10.2 you need this patch.

Posted in c0re, make what_i_want --force --really-hard | No Comments »

Installing Linux on a Notebook with 16MB RAM.

The old Toshiba TECRA 710CDT named “Rasputin” can’t boot from CD. uh. Found Smart Boot Manager which can sit in a floppy’s bootsector and proceed in booting from CD. Nifty. But to Install that beast I need a Machine with a floppy drive … ah. there is one of these in Titan our DSL router and it even works!

Gentoo Linux segfaults after the kernel is loaded. Not enough RAM? Nope. debian panics, althoug they claim 14MB is enough for installation. FreeBSD 4.8 works like a charm but has no adaequate wireless packet capture facilities.

Win98 SE installation CD can’t handle booting via Smart Boot Manager.

Slackware 9.1 booted fine but mke2fs resulted in a segfault.

Posted in c0re, make what_i_want --force --really-hard | No Comments »

parss didn’t work for me. This patch helped:
http://c0re.23.nu/c0de/misc/parss-2003-07-07.patch

Posted in c0re, make what_i_want --force --really-hard | No Comments »

Es gibt zwei Unix-ssh Versionen: OpenSSH und KommerzSSH. Die beiden haben sich in dne letzten Jahren etwas auseinanderentwickelt und KommerzSSH macht in der Regel mehr Probleme bei der Kompatibilität zu älteren SSH-Versionen.

Um einen Key für die Anmeldung auf einem Unix-Server zu erzeugen, muß man etwas anders vorgehen, als bei dem weiter verbreiteten OpenSSH:

% ssh-keygen -t rsa
(passphrase eingeben)
% cd .ssh2
% echo "idkey id_rsa_2048_a" >> identification
% scp id_rsa_2048_a.pub olaf@b.23.nu:.ssh/
% ssh olaf@b.23.nu:
(passwort eingeben)
% cd .ssh
% ssh-keygen -i -f id_rsa_2048_a.pub >> authorized_keys2
% exit

Posted in c0re, make what_i_want --force --really-hard | No Comments »