Twisted 8.2.0pre1

Please try out the first (and hopefully only) pre-release of Twisted 8.2.0, the first Twisted release since April.

Downloads

Release notes

Please try it out and report any bugs.

A meme that is not a quiz, thankfully

There's a meme about books that's going around:


What you do is grab the nearest book, turn to page 56, and post the fifth sentence to your blog.

First, the proof:



This picture was taken after rotating about 120 degrees in my chair. The Kindle in the picture probably is a few inches closer than the rest of the books, but first, it's unclear that it's a book, and second, its ebooks don't have page numbers.

So I chose the book on top of the stack (not the Nintendo DS game case that's at the very top: that's The World Ends With You). The line reads as follows:

Events that do not command our attention hardly exist for us, even if they influence how we perceive, feel, or react.


It's from Artful Sentences: Syntax as Style by Virginia Tufte. This book is made up mostly of quotes, so the line is actually a quote from another work, by Gerhard Roth: The Quest to Find Consciousness.

(I've added the interactive-fiction tag to this post even though it has nothing to do with IF, so that my readers who only follow that tag will see it.)

Planet IF: Now slightly less buggy

I've updated the software behind Planet Interactive Fiction to a new version/fork called Venus. This should fix that bug which caused some blog post titles to be replaced by the username of the person who authored the post. I think this was affecting Wordpress users who used images, or something.

Other than that, the templates are exactly the same, so you shouldn't notice a difference.

Just so I don't feel like a slacker

I took a week off from work this month (and I'll do this once per month until the end of the year, since my vacation time doesn't roll over) and have been trying to actually use it productively. Here's a list of some interesting things that I've done so far:

  • Twisted stuff: there was a developer sprint on Sunday that Itamar, Glyph, Jean-Paul and I attended, and since then I've been sporadically (but much more than usual) reviewing branches to try to get a release out. Speaking of which, Twisted contributors: please review #3487!
  • Did a bit of evangelism for the new GarGlk project on Google Code, organized a mailing list and rustled up some members, and started making an Ubuntu package for the new Gargoyle. You should see something by the end of the week.
  • Worked on my own interactive fiction game, which is progressing at just about the right pace to be ready for the GameplayComp mini-competition in September of 2009.
  • Posted a couple of updated extensions to the I7 Extensions page: Emily Short's Ordinary Room Description and Jesse McGrew's Dynamic Objects.
  • Watched Resident Evil: Extinction (the third in the series), which did not have as good an ending as either of the first two.
Of course, in addition to this I've been spending way too much time playing video games (Far Cry 2! Fallout 3! Man, there is a ridiculously awesome influx of good games lately. And I am looking forward to Left 4 Dead). Of course, I am never one to be satisfied with simple pleasures, so all this gaming has been inspiring me to brew up an essay in my head which I'm thinking of calling The Purity of Interaction, or less wankerly, Consistency in Interaction. We'll see. I do still have three free days before I have to get back to the salt mines.

Oh yeah, and if you're in the mood for something spooky for Halloween (or as I like to call it, All Hallow's Evening), check out Dave's latest blog post.

Im in ur web site, postin ur Inform 7 extensions

Hi, this is a quick note that people who want to add extensions to the Inform 7 Extensions Page should now contact me at i7extensions@wordeology.com; Emily Short has handed off the responsibility to me, and I've just updated Liquid Handling and Supplemental Actions by Al Golden, and Epistemology by Eric Eve.

Hopefully at some point the email address will be replaced by a web form that streamlines this process a bit.

Glulxe packages for Ubuntu

So I got all the IFComp 2008 games, unzipped them, and tried to play them. Then I found out I didn't have any decent interpreters for the games and couldn't find Ubuntu 64-bit binaries for them on the net. So I decided to start making packages.

Glulxe (using the glktermw backend) is now packaged and available in a Launchpad Personal Package Archive that I just set up. You can get it by adding the following software source to your Ubuntu machine:

deb http://ppa.launchpad.net/ubuntu-if/ubuntu hardy main

And installing the 'glulxe-term' package.

edit: Thanks to Peer Schaefer for the original packages, on which my packages are based. Sorry I forgot to mention in the initial post!

I hope to offer a 'glulxe-gtk' package soon; ideally, I'll replace both of them with a 'glulxe' package that can dynamically use any Glk backend by making use of GlkLoader, but that'll probably require some real coding.

I'm also working on packages for Gnome Inform 7, but unfortunately they contain proprietary code so I can't publish them on the PPA. I'm hoping to be able to split that package so that I can create a 'gnome-inform7' package separate from an 'inform7' package, but that's iffy because it would make installing from .debs without a repository significantly more annoying - right now you just click the .deb link on the Inform 7 web site and then click "Install package".

Anyway, look out for more Ubuntu/IF work soon.

Interactive Fiction Competition 2008

There are a slew of posts about it on Planet IF, but given that my readership is largely outside of the IF community, I'm going to mention here that IFComp '08 is now under way and is accepting votes. There are 35 games which you can get in one bundle. Most of the games can be run on any computer (Linux, Mac, Windows), with a few platform-specific (Windows-only) games.

In case you don't know what interactive fiction is, you can read Emily Short's short introduction. If you're looking for the interpreters needed to run the games, you can check out the relevant page on IFWiki.

This is the fourteenth year that the competition has been running (I was eleven when it started!), and it's the first in which I've decided to vote. Please join me.

This is a Rant

Edit: see end of post

Linux.com :: Protecting your MySQL database from SQL injection attacks with GreenSQL

This is an article (written by a very clueless person) about GreenSQL which is a tool (written by a very clueless person) that acts as a proxy between an application and a MySQL database which attempts to detect malicious, likely-injected SQL statements.

Do not interpolate strings into your SQL statements.

Then, there are all the hilariously dreadful comments.

"better yet, encode the bloody data before you shove it in there" --Anonymous
Do not interpolate strings into your SQL statements.

"Do you honestly think that anybody who doesn't know how to use simple, foolproof SQL-quoting functions is really going to be able to figure out how to correctly set up a package like this?" --Anonymous
Do not interpolate strings into your SQL statements.

"Why don't you try to actually learn to secure your code instead of being a lazy (or completely unskilled) administrator? Surely mysql_real_escape_string() isn't too hard to incorporate?" --Anonymous
Do not interpolate strings into your SQL statements.

Look, it's simple. Most database interfaces have a function called 'execute' or similar which takes two arguments: a string of SQL with markers like '?' in it, and then a tuple of arguments to be used as the values of those markers.
execute('SELECT * FROM users WHERE name = ? AND email = ?', ("radix", "radix@twistedmatrix.com"))
Do that. Don't do any of the following:
execute('SELECT * FROM users WHERE name = %s and email = %s' % ("radix", "radix@twistedmatrix.com"))
name = "radix";
email = "radix@twistedmatrix.com";
execute('SELECT * FROM users WHERE name = $name and email = $email');


String escaping is an absolutely retarded alternative to this. Why would you bother escaping or "encoding" your strings when you can simply use the database API as it was intended, without interpolating strings?

Edit: This concept of passing parameters has nothing at all to do with the "prepared statements" feature of popular databases. This is a much simpler feature. This is not a new feature. This feature is commonly called "bind parameters", and it has been around for decades.

Why do so few people know about this?
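An added illustration of the point above (my example, not code from the post): the interpolated query and the bind-parameter query side by side, run against a constructed in-memory SQLite table, so you can see that the same crafted value is parsed as SQL in the first case and merely compared as data in the second.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table with two users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("radix", "radix@twistedmatrix.com"), ("alice", "alice@example.com")],
    )
    return conn


def lookup_interpolated(conn: sqlite3.Connection, name: str, email: str) -> list:
    """The pattern the post says NOT to use.

    The values are pasted into the SQL text, so whatever the caller supplies
    is handed to the database's parser as SQL, not as a value.
    """
    sql = "SELECT name FROM users WHERE name = '%s' AND email = '%s'" % (name, email)
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn: sqlite3.Connection, name: str, email: str) -> list:
    """Bind parameters: the SQL text is fixed, the values travel separately.

    The database never parses the values, so a quote character inside them
    is just a character to compare against the column.
    """
    sql = "SELECT name FROM users WHERE name = ? AND email = ?"
    return [row[0] for row in conn.execute(sql, (name, email))]


if __name__ == "__main__":
    # A constructed value containing a quote; a legitimate user would never match it.
    crafted = "x' OR 'a'='a"
    print("interpolated:", lookup_interpolated(make_db(), crafted, crafted))  # every row
    print("bound:       ", lookup_bound(make_db(), crafted, crafted))  # no rows
```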

Gmail and HTTPS

If you use gmail, all of your email is probably going unencrypted over the Internet, allowing fairly easy snooping of all your sensitive data. You may feel good that there's an "https://" in your address bar after you type "gmail.com" into it and hit enter, but notice that after you authenticate and start reading email, it's gone back to "http://".

It's been possible for a while to work around this and use https even for email content if you knew what to do in the address bar, but now gmail has made it easier. There's a new option in the main Settings screen called "Always use https". I strongly encourage all gmail users to turn this option on.

It's still really lame that they haven't made it the default mode of operation. Come on, gmail, don't you care about privacy?

Ecru

Remember how I was talking about restricted execution, and mentioned that thing "Monte" that doesn't actually exist? Well actually I was trying to refer to Ecru, a new E implementation in C. After being announced to positive reactions on the E mailing list, Allen posted on his blog about Ecru and why he started the project.

I'm excited about this project. E is a language which is specifically designed to solve the types of problems that I want to solve, but Ecru has a long way to go until it gets there. I hope it gets more contributors!

As for Lua: I do think it's feasible for some serious restricted execution work (or at least I think it might be - I haven't really proven it yet), but I'd much prefer Ecru, because E is so much more sensible a language.