log of Logfish.net

Often Python is referred to as flexible and easy to learn programming language, mostly this is because it lacks some of the features you normally don't need that much. One of those features is const objects: being able to protect a variable against future change. Some languages call this "final", others "const", here is the best way I could think of to do this in Python:

The new movie "The Box", directed by Richard Kelly, featured a weird booklet. Don't get me wrong, the content was pretty normal, I've seen that before. But the weird thing was where I saw the booklet before: in the movie Donnie Darko. you guessed it, both Donny Darko and The Box contain the same skeleton in a booklet, and both are movies directed by Richard Kelly.

Take a look at the version from "The Box":

Now here is the version from "Donnie Darko":

Today I installed Dropbox and got an idea. It turns out that if the service has your file already, it will not upload it again. Syncing an 600 MB ubuntu iso took me less time then it took me to download the file, and my upload is not faster then my download. There must be some kind of hashing going on there (they would be stupid not to do it).

However, the speed of the sync got me thinking about a security bug that was discovered in SSH a while back. The problem was that it was possible to notice if a user existed or not because the time it took to respond to an existing user was different then to a non-existing user.

The same holds true for Dropbox: if I create a random file, I'm able to check whether a user on Dropbox already had it by timing the sync speed in correlation with my network output (or even just looking at the network traffic amount will do the trick). Now the question is: what kind of security related file, or personal information format, will be best to randomly generate and try to find?

Theoretically it should be possible to download all Dropbox data this way, hopefully somebody will one day find a good way to exploit this optimization.

Met afstuderen komt natuurlijk ook afbetalen, in mijn geval dan. Dus besloot ik op mijn-ib-groep eens te kijken hoe alles er voor staat.

Twee dingen die ik niet leuk vond om te zien: simpele content injection (wel gedeeltelijk ge-escaped, maar toch). Kijk bijvoorbeeld hier. En dat ze als verificatie het ip adres van hun interne proxy laten zien (zie screenshot). Denken ze dan dat ik daar wat mee kan? De paranoia nerd in mij denkt dat de overheid niet te vertrouwen is met computers.

I had some time to kill, so I pulled up my system monitor and had a look. One thing bugged me: Firefox was doing something while I was not doing something with Firefox. So I dove into the settings and documentation and this long post deals with all the things I could find.

The gedit indent lines plugin was removed. I then looked at the documentation with F1, but the Shortcut keys manual page had a parsing error and yelp didn't want to show me more then the first few keys. I then turned to the internet and found nothing.

Turns out this is one of those: it's to easy, so it doesn't need any documentation cases. The indent key is now TAB instead of Ctrl+M and Ctrl+m. So now you can use TAB and Shift+TAB to indent and un-indent your selection in gedit.

After installing Ubuntu Lucid alpha 1 I found out I had to download the OpenTTD data files again, so I decided to create a package for it. It is a very ugly package, but does the trick. Have fun!

I had the problem that Empathy would disconnect almost immediately when trying to make an audio call. I started it on the command-line and got the following output:

The solution was simple but also weird: remove the .gstreamer-0.10 directory from your home directory (so ~/.gstreamer-0.10), after that no more problems with the rtp element being created.

After having some last minute problems with both the build system and the licensing, I finally released ccbuild 2.0.0. Bring on the issues! Reasons to expect issues to pop up are multi-threading support using OpenMP and using a single top-level o directory, instead of one per directory. Any command depending on the directory structure (like makefile).

One problem with https is that it is not possible to do mass virtual hosting, because the certificate is connected to the hostname, but the hostname is determined by the request. Chicken and egg problem there. In the end you can make a snake-oil certificate for one domain, but it won't work with other domains. If you decide to strip https support for those people who find a way to get there, here is a .httaccess file that will do that:

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^.* http://%{HTTP_HOST}%{REQUEST_URI} [redirect=permanent]