Here's the login pattern:
Elliotte Rusty Harold recently wrote about the problems with using GETs for confirmation.
I wanted account signup to involve being sent an email to ensure the user had given a legitimate email address, but cognisant of the issues Rusty raises, I made the email received on signup link to a further form the user then has to submit to truly activate the account:
I originally had the "forget password form" directly resetting the password, but then I realised someone could maliciously enter the email address of another user to reset their password. Not a security issue so much (the new password goes to the right person) but it's a nuisance for the person if they didn't request the reset.
So I adopted an additional pattern where an email is sent which then takes the user to a reset password form:
In both cases, the URI in the email includes a hash in the parameters so the GET that leads to the form can't be faked.
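The hash-protected email link and confirmation-form flow described above, sketched as an added example (not code from the original post or from the site it describes). It assumes the hash is an HMAC-SHA256 keyed with a server-side secret and adds an expiry time; the key, the example.org URL and all function names are hypothetical.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to users
BASE_URL = "https://example.org"      # assumption: placeholder site


def _sign(purpose, email, expires):
    # Bind the keyed hash to the purpose, the address and the expiry time, so a
    # link issued for activation cannot be replayed against the reset form.
    msg = "\n".join([purpose, email, str(expires)]).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_link(purpose, email, ttl=3600, now=None):
    """Build the URI that goes into the email (purpose: 'activate' or 'reset')."""
    expires = int(now if now is not None else time.time()) + ttl
    query = urlencode({"email": email, "expires": expires,
                       "hash": _sign(purpose, email, expires)})
    return f"{BASE_URL}/{purpose}?{query}"


def check_link(purpose, uri, now=None):
    """Return the email address if the link is genuine and unexpired, else None."""
    params = parse_qs(urlparse(uri).query)
    try:
        email, expires, given = (params[k][0] for k in ("email", "expires", "hash"))
        expires = int(expires)
    except (KeyError, ValueError):
        return None  # a parameter is missing or the expiry is not a number
    expected = _sign(purpose, email, expires)
    if not hmac.compare_digest(given.encode(), expected.encode()):
        return None  # hash does not match: parameters were altered or invented
    if (now if now is not None else time.time()) > expires:
        return None
    return email


def handle(method, purpose, uri, accounts, now=None):
    """GET only shows the form; the account changes only on the submitted POST."""
    email = check_link(purpose, uri, now)
    if email is None:
        return 403
    if method == "POST" and purpose == "activate":
        accounts[email] = "active"
    return 200
```

The POST re-checks the same parameters, so a form submission forged without a valid emailed link is rejected just like a forged GET.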
It took me a little while to work out how to translate my ScriptAlias directives in Apache to lighttpd (hint: configure mod_alias to map the request path to the CGI script, then mod_cgi to recognize files ending in certain characters as being CGI scripts).
The only problem I now have is I've killed anonymous SVN access on pyworks.org because I was previously serving it up via Apache. I'm still investigating alternatives to running Apache just for this purpose.
"I can go back to using Emacs!" I thought to myself (actually, I probably typed it out loud to Ulrik over IM).
All that remained was to find a more up-to-date OS X build of Emacs. OS X comes with 21.2 but the greek.el above requires 21.3.
My initial Google searching found that a lot of Emacs for OS X work ended in 2003.
Then I stumbled across this: Carbon Emacs.
Emacs 22 for Tiger (with Universal Build).
The anti-aliasing is beautiful and greek.el works a charm.
Now to dig up my old .emacs file...
I am pleased to announce the release of Leonardo 0.7.0.
Leonardo is the Python-based content management system that runs this site and provides blogging and wiki-style content.
New features include:
Plus some internal cleanup and bug fixes.
You can download it from the Leonardo Website.
It's hard to describe just how much this means to me. Doing a doctorate is by far my oldest goal in life. I was about eight when I decided I wanted to do a PhD. In high school, I wanted to do it in theoretical physics (specifically general relativity) but 18 months into undergraduate studies decided I wanted to do it in linguistics.
Various reasons, both personal and commercial, delayed my commencement by a decade. But I always knew I wanted to come back to it. I'm finally on the path. Thank you to my referees and to my new supervisor, Andy Spencer.
Undoubtedly you'll hear a lot more about it on this blog over the years.
Last year I expressed my disappointment about missing ETech because of SxSW but this year (when they were scheduled at different times) I've missed them both :-(
They offer both a REST and SOAP interface. It took all of a minute or two for me to grok the REST interface. Just had to map a couple of things into a well-known mental model. With the SOAP interface, I felt far more like I was having to learn an entirely new way.
Of course, that comes as no surprise to me ;-)
It sure looks nice so far. If software is judged by how it is configured, lighttpd is wonderful. A breath of fresh air!
I'm now delighted to announce the website that will be the home of our collaborative work:
I've transferred my MorphGNT files over there and Ulrik has done the same with his Tischendorf 8th and Strong's Dictionary.
We've been working on a bunch of other stuff for the last few months which will eventually find its way on to that site too.
For recreation, some people like to do NY Times crossword puzzles in ink. Me, I like tackling small, incremental, computer programming tasks.
I can totally relate to that, as I'm sure many readers of this blog can. But it was Sam's title that really caught my eye. Recreational Programming is the term my significant other and I use to describe my various open source tinkerings.
I think we came up with the term after a conversation something like this many years ago when we'd only just started going out and she had no idea what she was in for...
HB: What are you doing?
Me: Programming.
HB: Late on a Saturday night? Is work really busy?
Me: No, it's not work.
HB: So why are you doing it?
Me: It's fun and it's relaxing.
HB: You find programming fun and relaxing?
Me: Yes. It's a form of recreation for me.
After that, the term recreational programming stuck. HB gets why I do it if I use that term.
So now conversations are more like:
HB: What did you do last night?
Me: Recreational programming.
HB: Cool!

HB: What did you do last night?
Me: Tried implementing the Unicode Collation Algorithm in Python.
HB: You're strange.
It includes an enhancement to the comment module by Bryan Lawrence that provides for a maths-based captcha to help prevent comment spam. Basically you'll need to do a simple addition to post a comment.
Hopefully this will stop the literally thousands of automated spam comments I receive each month.
I'm currently implementing the account sub-system: sign-up, activation, login, etc.
Once that is done, I'll probably go live with it, even though you won't be able to do anything with your account just yet.
Remember you can always subscribe to the announcements feed on the Quisition site for announcements when new things become available.
and open it in Safari, it will cause a crash (you have been warned!). In Firefox, it works exactly as expected.
The report includes the following:
...
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x000001b8

Thread 0 Crashed:
0   com.apple.WebCore   0x95994984 DOM::DocumentImpl::tagName(unsigned) const + 36
...
They've just launched their latest venture, Minti, which is a parenting advice site with user contributed articles, rating, tagging and all that Web 2.0 goodness.
Check it out: http://www.minti.com
Thanks to both Dave and Joe I was able to make fixes to Demokritos. I didn't do a release immediately, but here it now is:
This version has successfully worked with two independent clients now, so it's getting into reasonable shape.
The upcoming 0.4.0 release will include authentication.
I've been toying for a while with writing an AJAX-based Atom client. The natural name for it would be Leukippos. (Leukippos was the teacher of Demokritos and co-originator of the Greek idea of atoms.)
Anyway, tonight I made a start. My first version of Leukippos retrieves an APP introspection document via XmlHttpRequest, parses it to retrieve the workspaces and collections and allows a user to click on a collection to retrieve it.
I haven't finished collection feed parsing yet, but once that's done and I've prettied it up a bit with CSS, I'll post it here.
My ultimate goal would be for it to function something like TiddlyWiki but, of course, with Atom Protocol support (an idea I've mentioned before).
What I didn't know until today, however, is that Demokritos was also responsible for some economic thought that was well before his time.
I've just started reading Economic Thought Before Adam Smith, Volume I of An Austrian Perspective on the History of Economic Thought by Murray Rothbard. It is a tour through the economic thinking of the Greeks, the Romans and the Scholastics of the Middle Ages and Renaissance, largely arguing against any claim Adam Smith might have to being the father of economics (and, in fact, suggesting many of Smith's ideas were a step backwards).
What particularly caught my interest in the first few pages, though, was that Demokritos was the first recorded proponent of the subjective value theory. Demokritos believed that moral values and ethics were absolute but that economic values were subjective. He was also the first person we know to write about marginal utility and time preference. All these concepts are core to the Austrian School of the 19th and 20th century and are considered innovations beyond Adam Smith and yet Demokritos was discussing them in a rudimentary way at the time of Socrates!
I talked a little bit about subjective value theory and marginal utility in One Red Paperclip and the Benefits of Trade.
Now I realise none of these measures are equivalent to 1/3". I've read contradictory information about why a 4:3 ratio sensor with a diagonal of 6mm is called a 1/3" (although note that 4.8mm + 3.6mm is almost 1/3") so we'll just treat 1/3" as a name for 4.8mm x 3.6mm.
This is a fair bit smaller than 35mm film as you can see from this comparison chart I've drawn up (which includes both sensors and film for both still photography and motion pictures):
Why are there two pictures for 35mm? 35mm motion picture film frames travel vertically whereas 35mm still film frames travel horizontally. So the width you see of the 35mm motion picture frame is the height of the 35mm still frame (24mm). The aspect ratios are also different. Motion picture film is 4:3 whereas still is 3:2. Note however that, in the case of motion pictures, not all of this area is used as the sound may be recorded along one side (reducing the width to around 22mm) or the top and bottom of the frame masked to change the aspect ratio to the more common 1.85:1 used in movies.
APS-C is the size used by some DSLR still cameras such as my Canon 10D. You may have heard me mention how much I'd like a 5D which has a full-size frame, by which I mean the 35mm (still) sensor at the bottom.
Professional video cameras typically use 2/3" sensors. The use of a 1/3" sensor in the "prosumer" HD cameras like my JVC is one of the key things that distinguishes them from the truly professional cameras. Note, however, that an HD camera with 1/3" sensors is capable of producing images of a higher resolution than a 2/3" standard definition camera.
Lucas used cameras with 2/3" sensors in Episode II and III. There are high-end video cameras with full-frame (i.e. 35mm) sensors in the works.
The size of the sensor impacts things like cost, light sensitivity and the field of view relative to focal length (I'll talk about that last one soon). Ironically, a smaller sensor (like a 1/3" versus 2/3" in video or an APS-C versus 35mm in DSLRs), although cheaper to manufacture and considered less professional, actually requires a sharper lens to resolve the same resolution. A small sensor is packing more lines per mm so a lens has to be capable of resolving that.
I just discovered how to do this. The command is hdiutil.
To mount a disk image:
hdiutil attach SomeDiskImage.dmg
Although I haven't tried it, I believe the disk image can be referenced by URI.
To unmount it:
hdiutil detach /Volumes/SomeDiskImage/
I've added this to my Headless Tiger page.
Demokritos is a Python library and content repository implementing the Atom Syndication Format (RFC4287) and Atom Publishing Protocol (currently a standards track Internet-Draft).
You can download the code at http://jamessaiz.en.wanadoo.es/2006/demokritos/demokritos-0.3.0.tgz
This release adds persistence using a Subversion backend and has been updated for draft-ietf-atompub-protocol-08.
Note that you'll need Subversion 1.3 with the SWIG Python bindings built.
At this stage, Demokritos is not really intended for anything other than interoperability testing with Atom clients. However, the library for parsing and generating Atom feeds might be useful standalone as may the web and svn modules.
Demokritos is made available under a GPL license.
UPDATE: Now see Demokritos 0.3.5 Released