Avoiding Shell Injection in Ruby, Python and PHP.

I recently found a shell injection bug in a Ruby gem I use.

Shell injections have scared me for a long time and I usually prefer to whitelist certain characters/patterns rather than to blacklist. This means that the system fails to the safe side. Unfortunately it usually does fail - my whitelisting is too rigorous and data that would not cause any problems gets rejected. So I decided to take the opportunity to investigate how to prevent shell injection in my favorite scripting language (Python), the language I found the problem in and finally the language that I cannot avoid (PHP).

Mysql::Error: Deadlock found when trying to get lock

In one of my Rails projects we had problems with deadlocks during transactions:

"A ActiveRecord::StatementInvalid occurred in ...: Mysql::Error: Deadlock found when trying to get lock "

Automatic encryption of home directories using TrueCrypt

Having your private data on a laptop is dangerous, since it might be stolen. The only way to protect your data is to encrypt it. This post describes how to encrypt the home directory of your users on GNU/Linux with the help of TrueCrypt and PAM. For convenience the login password is used as the encryption key.

NoArchive-Tag for Robots-Meta

I tweaked the robots-meta plugin by Joost de Valk for WordPress to support the noarchive tag. This prevents Google and archive.org from providing cached versions of your blog.

I've put up a Mercurial repo with my version at http://www.littleimpact.de/hg/robots-meta-hg/.