Thoughts on yesterday’s hackmeetup
We had 33% more people than last time, but the same amount of computers. This turned the meet into a more chatty one than last time. At the start, this annoyed me because I wanted to get started with my coding, but over the course of the night I got used to it and actually prefer it that way. There’s a reason why we’re meeting up instead of just sitting at home, after all.
I tried to work on a Firefox extension, and even though I have actually written an extension before, I started out from scratch because I couldn’t actually remember anything from that time. That period one year ago was fairly hectic and my memories from it are generally quite vague.
General hints on extension writing would be to make sure you get your install.rdf and chrome.manifest files right, since not doing so can both make your extension load without doing anything at all, and load and break all of the built-in chrome in the browser. Neither of these are very pleasant. And related to that last point, make sure you follow the advice on creating a separate profile for development. I didn’t, but it would really have helped.
In the end, I created an extension that really did nothing, because I couldn’t get the nsIWebProgressListener interface to do what I wanted. I haven’t given up, though. I might just have been grabbing what I was trying to listen to at the wrong time.
On the other hand, Olle and Ola sort of got done what they wanted, with a lot of experimenting along the way, a nice big pink border and a huge magnifying glass. So all in all, it was a good night.
Web hacking or something
I spent a very enjoyable evening yesterday in the company of Olle and Fredrik (who blogged it while we were there, but whose link I never got). It was supposedly web hacking, but the closest anyone got to the web was Olle, who tried to build a PHP extension. (So it’s suitable that it’s now changed name to hackmeetup.) Me, I bashed my head against Python for Series 60, building a simple script that would beep once every five minutes if I have any unread SMS messages in my inbox. The actual script that I wanted to write took me approximately an hour, after already having installed PyS60 on my phone but never actually having tried writing anything for it before. The remaining four hours, I spent on trying to build it into a standalone application that could run in the background.
I must have been really tired at the end, though, because when I tried it again this evening all I had to do was to fix one syntax error in my script and then everything worked.
Running a mail server under TDC
Stupidly, I got into the habit many years ago of running my own server for dlade.net. This is always an extra cause of stress when moving anywhere, since it means I have to take down my primary mail server and not be quite sure when and how I will be able to get it back up again. And moving is often the time when I need email the most.
Having moved a few times (I lived in six places during my six years in London, moving more than once a year in the beginning), I was quite prepared for it this time, and even read about how to run a mail server in the TDC FAQ. When I finally got to set it all up, however, nothing worked the way I expected it to, and I could neither receive nor send email from my server, because port 25 was blocked both ways.
Reading the FAQ again, I found new information that mentioned that port 25 is blocked and you need to route your email via the server asmtp.mail.dk (with authentication) on the way out and the server backup-mx.post.tele.dk on the way in. However, neither of these would actually accept email for my domain, so I gave up for a short while. Googling randomly on the matter a bit later turned up the unauthenticated server smtp.mail.dk for sending email, which wasn’t mentioned anywhere in the FAQ, and finally four days after the move I could start sending email by myself. Incoming mail still had to go via my secondary mail server and fetchmail from there.
Today, as I was preparing to write this, as a way of spreading the knowledge of smtp.mail.dk a bit more (since it was hardly mentioned anywhere that I could find), I was again looking through the FAQ and today found a new entry that claims that port 25 should be open if you have a fixed IP address, and that you can ask for it to be opened if it isn’t already. So I called customer service, who impressively answered straight away and understood what I was talking about, and a few minutes and an automatic cable modem restart later, my mail server is now accessible from the rest of the world.
When spam goes wrong
I’ve been seeing a lot of blog posts about spam recently, probably set off by this post from Dale Dougherty on how we’re losing the war on spam. I just got a spam message that makes me think we’re doing quite a good job fighting against it. It’s not that I’m getting less spam than before, far from it, but I have a filtering technique that usually works very well.
The message that I’m referring to got filtered as spam, but because of the title and the reasonable name of the sender I had a quick look to confirm that it was in fact spam. It was, and I’ve been getting similar ones way too many times, but this time the text they had grabbed from somewhere was an excerpt of the Atom RFC, and the image that tried to make me buy some shares was tiny with dark striped text on black.
There’s something strange about getting a spam where the main message they’re trying to sell is unreadable and the body they’ve slapped on to it to avoid filtering is actually something that’s interesting and valuable.
DWR looks scary
Yesterday, I got an invitation to a new site that is currently in beta and I started playing around with it, viewing source and looking at their javascript as I would normally do on any site, when I suddenly, completely by accident, discovered a DWR test page. With DWR being an Ajax interface to Java, the test page was an auto-generated list of available method calls on the web API. Not only that, but it let me call any of these methods with whatever parameters I wanted.
With the site more or less completely built up via this method, there were 139 methods available to play with, including scary looking combinations like listUsers() and deleteUser()… Now, it’s obviously up to the site’s developers to use some common sense when deciding what methods to make available to javascript calls and to remove or protect this test page so that it can’t be accessed externally, but it looks to me like DWR has certainly made it easier for them to shoot themselves in the foot. I absolutely love this bit on the DWR security page: it would be silly to worry too much about DWR when the rest of your web-app could be open
Oh, and for your information, it was difficult but I resisted the temptation. I reported it to the developers without having made a single API call, and they closed the page up within a few minutes. I still think it seems very dangerous to make methods like deleteUser accessible via javascript, though.
Komodo Edit
I’m very happy that ActiveState have released Komodo Edit, a free (as in money) version of their IDE. I’ve been using Komodo either with a real license or with an “extended trial license” at work for years now, but recently made the switch to EasyEclipse because I’m now working from home and have to pay for my own licenses. Boy, am I glad to be back to Komodo…
I’m not saying that Eclipse is bad, it just has a different view on how certain things should be done than many other IDEs/editors. I prefer to write my code in Python because it fits my way of thinking. Similarly, Komodo just fits my brain much better than Eclipse does. On top of that, Eclipse still just seems too memory hungry for me, despite my recent computer upgrade.
The main take-away from this, however, is that I need to learn to pay for the software that I use instead of suffering quietly while waiting for the free versions to come out.
Camera
It’s never really been a question of what to buy. I’ve always been able to find answers to that. A friend who is trying to pull me into the area thinks it’s a question of whether to buy at all. But it’s not. The answer to that question has always been “yes”. The real question, that has been eating at me for several years now, and with increased intensity over the last six months or so, is much deeper than that. I’ve been keeping track of the market for years now, and have been on the verge of buying once or twice already. What to buy has obviously changed several times during that period, and the cost involved has certainly changed drastically as well. Now is the first time, though, that I’m starting to feel that the quality I would be getting can somehow justify the price I would be paying. Still, it feels a bit painful when I consider that it may just be the geek boy in me wanting another shiny toy to take apart, “figure out how it works”, and then drop on the side with all those other toys in my past. And I can already see the look of supressed shock on my mother’s face as I tell her how much it cost. I always have a number of different ways to judge the toys I buy. I consider their build quality, their visual appeal, the way they feel in my hand as I use them, how much I expect that I will actually use it, and the way my mother will react when I tell her how much it cost. I always seem to go a little bit further on this last scale with every purchase I make. This one, I feel, would certainly take the prize. So no, the question is not what to buy, it is not whether to buy and it’s not even when to buy. All those things have relatively clear answers. I can even find answers to questions like How will I keep myself from simply losing interest and placing it in the drawer with the rest of my old toys? or What does Kaia really think behind her facade of “sure, go ahead and buy it”?
The truly difficult question is this one: How will I handle the look of horror on my mother’s face and the disapproving timbre of her voice as I tell her?
