The Nameless Site

Posting here in case anyone else needs to know.

Was trying to debug a ssh+svn connection. There is a very simple way to get debugging turned on:

$ export SVN_SSH="ssh -v "
$ svn checkout svn+ssh://

Any other ssh commands can be put in that env variable too, so ports and such.

So the last couple of weeks I’ve been playing with openid again trying to get the google federated logins working. I thought it would be a sweet setup for some of my little tools that I have to have logins for, but am too lazy to deal with user management.

So far its been an eye opener. Its not really as transparent as I thought. You still need some sort of storage system to store openid keys. I sorta cheated, since my apps are only using google logins, and I can “require” emails, I just made a little config file with emails in them.

Last project was php, ended up later being kohana v3, which has all the error/warning levels turn right up full. Which is awesome. Except the one openid library I could find was pretty heavily written for php4, and when php5 code used it, it would error like mad. But the samples and everything worked out the box. Started to port/upgrade, got tired, started to look for other libs. Found a ported version of the lib, but it seemed to fail every time I used it. Tried out janrain’s service rpxnow. But considering you had to set up a new setup each time to point to the different boxes, it didn’t seem like a good plan for an “easy to deploy system. Finally settled on lightopenid which turned out to be very simple and easy to setup.

Fast forward to tonight.

Tonight was perl night. Had an old script I figured I could turn into a web interface. Wanted an excuse to play with dancer anyways. Go check on cpan, find out that Martin Atkins (one of the ones I worked with while volunteering with livejournal) released, or at least helped out with Net::OpenID::Consumer. Figured sweet, cpan modules seem more hardened and easier to use than php libs, so I figured it would be easy to setup.

Whoa was I mistaken.

Started off simple. Copy and pasted the example code into a .cgi file for testing.

Oh, missing modules, okay, it was more pseudo code, so no worries.

Added use statements, installed modules.

Hrm, nope, still no go.

Oh, the $csr->claimed_identity(“https://www.google.com/accounts/o8/id”) and $claimed_identity->check_url calls only need to be made once? Okay, that was commented, but not really clear, no worries, simple little fix.

Yay! now its redirecting and returning just fine. Oh wait, its complaining about bad_mode, something about setup_needed.

Fast forward a couple hours, after much googling, and reading code, and looking at other implementations, and my favorite codesearch.google.com I could find nothing. Still nothing about this setup_needed. More googling. Found an unanswered mailing list post by Martin. But still nothing.

Finally, flash of random insight. What other modules are used? Looked a bit more closely at the code. Net::OpenID::ClaimedIdentity which leads me to the documentation. Vaguely it made clear to me that if you are not using an ajax popup, you should set “delayed_return” which means the openid provider (google) can take control of user, and popup any sort of validation it needs. Which google does at least the first time you request it from a new trust_root (learned that from my work on the php code).

Quickly updated my code to the following:

my $check_url = $claimed_identity->check_url(
delayed_return => 1,
return_to  => "http://localhost/cgi-bin/test.cgi?yourarg=val",
trust_root => "http://localhost/",
);

Ran my test again. Everything is golden. Works perfectly out of the box. Next I need to look at AX support, and moving the code into dancer (or something else).

I’m hoping that since I had trouble, and figured it out, someone else can find this post for searching and hopefully reduce someones frustrations.

Ah, the things that people believe on the internet. I’d like to believe its not work that is making me paranoid, but it mostly is. Plus I get paid to help try to find the flaws in things before the time is spent developing them.

The interesting about this thing, is when I first saw the title of the facebook group, I was sure that was odd, but I quickly ignored it and moved on. Then I saw it again tonight, and I started to do a bit of digging.

http://www.brain-thee.co.uk/2010/01/how-to-tell-a-scam-on-social-networking-sites/ manages to describe my thought process pretty well actually. But I went a few steps more. I got very weirded out by the fact they wanted me to use javascript to select all my friends for invite (I still can’t believe I immediately recognized that javascript the second I saw it.). So after I visited the page they said you could only visit after you invited your friends (look at that, I visited it fine).

Anyways, to make a long story short, I started to dig through the js on the page, found out its essentially a small page with a ad or something to c p a l e a d (dot com, I don’t want to link to it). That in itself isn’t that interesting, its the fact that it tries to detect firebug so you can disable whatever it does (video maybe? I run with noscript so I don’t see it).

I put the code up on pastebin @ http://pastebin.com/d40ea2d1c for anyone who is curious. Its simply the only javascript on the scammers page after I ran it through the reverse dean edwards packer.

sub rw { my $word = "$_[0]"; $word =~ s/(.)/rc($1)/ge; $word;}
sub rc { return ((rand(1)*2+1)%2) ? lc($_[0]): uc($_[0]);    }

(i don’t care about efficiency or whatnot, i was just creating a simple function for a unit test, it just looks like someone threw up some letters.

Tonight I was trying to convert the old custom quote system I used for #arc to qdb just for fun. I was trying to find out the code used by qdb.us/bash.org but came across this peice of code called OSQDB.

Here’s an exerpt of code called whenever a new quote is added.

$get = mysql_query("SELECT * FROM quotes ORDER BY id DESC LIMIT 1");
 
while ($count = mysql_fetch_array($get)) {
    $tempid = $count["id"];
}
/* Increment the id */
$newid = $tempid+1;
$sql = mysql_query("INSERT INTO quotes SET id = '$newid'");
$sql = mysql_query("UPDATE quotes SET quote = '$newquote' WHERE id = '$newid'");
$sql = mysql_query("UPDATE quotes SET comment = '$comment' WHERE id = '$newid'");
$sql = mysql_query("UPDATE quotes SET ip = '$ip' WHERE id = '$newid'");

1) It loops through 1 entry trying to find the latest entry number (I’m sure max() is faster than order by and limit).
2) Once its it found, it does one insert with the id being set. Then it does 3 more queries setting each field in its own query.

That sorta explains why the db doesn’t have auto_increment fields turned on, but its scary. I’m afraid of looking at much more of the code. Luckily I then found Rash Quote Management System. I don’t like this one very much either.. but they are more personal reasons versus code issues.

I should clean up and submit patches (it doesn’t seem to have been updated since 2006) for rqms.

Ever since playing with alot of javascript and ajax for some of the new job stuff, I have been itching to rebuild yaoirpg, I’m sure its plenty full of holes and bugs, and you have to keep manually resetting everything..

I doubt it’ll ever be battle mines, or legend of the green dragon, but it’ll be fun to play with more AJAX and such.

New Version of MTLJPost 1.9.2

Apparently there is confusion all over, so here’s an email from the mailing list:

Okay, i thought i got all references to the extra files in the docs, but
i didn’t, and its a little late for me to try and rewrite the docs tonight.

Installation is just:
plugins/MTLJPost/MTLJPost.pl

Everything else is linked from the main interface using the new 3.x
plugin interface.

If you goto a specific blog, you can set that one up.

I removed all the extra files to make installation simpler, little did i
know everything was opposite ;)

PS, my archiving script broke, so there was a bad version of the files
up there up until about 5 minutes ago, so i suggest everyone redownload.

Gavin

I’m still trying to work out a new MT plugin to do podcasts cleanly for HiSciFi (and smile like a donut).
The current MTEnclosures works, but its sorta too general purpose to work cleanly, Jevon wants me to add itunes rss tags to the feed, and I can’t do that with the current plugin.

Just trying to figure out how I want to do things. This CMSEnhancer plugin looks pretty cool, I could make this into a REALLY cool plugin if I did it that way, or a less interactive one and depends more on parsing the post otherwise.

We’ll see won’t we.

I still have to get thier new template finished and installed. Wonder which is more important. Probably the template as enclosures do work, just not well enough yet.

I can never remember what version of website it is, doesn’t actually matter, just that I now am using kodepost, which is my new web site software which is only for “blogging”. Doesn’t have all the other pages like halkpost attempted to, or anything like that, just is straight forward, has templates, comments, and trackbacks.

Unfortuatly its not 100% done, the posting interface needs alot of work, some of the templates totally suck (might notice May 2005 on just about every entry page), few other things like that.

But ‘m very happy that people can comment now (not that I actually expect any, but now the ability isn’t broken).

To fix in the immediate future.
* Archive links.
* Trackback discovery when posting
* Comment / Trackback notification

whoo, its good to code again.

Man do I love Open Source Web Designs. If i didn’t use that site for at least the base, my sites would look as crappy as they did back in ‘95 :)

Anyways new look, I’m quite happy with it, still needs some tweaking, but much better than the previous all white one.