Zen of website maintenance

August 5th, 2008

A certain website had a few vulnerabilities, including XSS and leaking passwords.  The fixes were:

  • The <script> tag was enabled for pending users.  It is now turned off.  All other users get their tags filtered against a safe list
  • The superuser always skips the filter and sees all tags.  I can’t fix this, but I’ve changed the cookie so that it’s not useful to a cookie catcher
  • The ‘password’ in the cookie was just a hash of the password.  It is now a hash of the password, the IP address of the client, and a secret.  A leaked ‘password’ should only be usable from the same IP
  • The ‘password’ field has been removed from all forms and replaced with cookie-based authentication
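An added example (not the site’s own code) of the cookie scheme from the third bullet, written with HMAC so the secret acts as a key rather than as extra hashed input; the user name in the cookie, the "user:tag" layout and the SHA-256 password hash are assumptions:

```python
import hashlib
import hmac

# Added example, not the site's code. Constructed secret: in practice it is
# loaded from server-side config, never committed with the code.
SECRET = b"constructed-example-secret-do-not-reuse"


def password_hash(password: str) -> str:
    """Stand-in for the hash the site already stores (assumed SHA-256)."""
    return hashlib.sha256(password.encode()).hexdigest()


def cookie_tag(user: str, pw_hash: str, client_ip: str, secret: bytes) -> str:
    # Keyed hash over (user, stored password hash, client IP).  Binding the IP
    # is what stops a cookie caught from one address verifying from another.
    msg = f"{user}|{pw_hash}|{client_ip}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_cookie(user: str, pw_hash: str, client_ip: str, secret: bytes = SECRET) -> str:
    """Cookie value set at login: "<user>:<tag>" (layout is an assumption)."""
    return f"{user}:{cookie_tag(user, pw_hash, client_ip, secret)}"


def check_cookie(cookie: str, stored: dict, client_ip: str, secret: bytes = SECRET) -> bool:
    """Recompute the tag for the requesting IP and compare in constant time."""
    user, sep, tag = cookie.partition(":")
    if not sep or user not in stored:
        return False
    expected = cookie_tag(user, stored[user], client_ip, secret)
    return hmac.compare_digest(tag, expected)


def demo() -> dict:
    """Constructed scenario: a cookie issued to 203.0.113.5 replayed from 198.51.100.7."""
    stored = {"alice": password_hash("correct horse")}
    cookie = make_cookie("alice", stored["alice"], "203.0.113.5")
    return {
        "same_ip": check_cookie(cookie, stored, "203.0.113.5"),
        "other_ip": check_cookie(cookie, stored, "198.51.100.7"),
        "tampered": check_cookie(cookie[:-1] + "g", stored, "203.0.113.5"),
        "unknown_user": check_cookie("mallory:" + cookie.split(":")[1], stored, "203.0.113.5"),
    }


if __name__ == "__main__":
    print(demo())
```

The IP the tag is computed over must be the address the server actually sees, not an unvalidated X-Forwarded-For header, and users whose address changes mid-session (mobile clients, some proxies) will be logged out by this check.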

Fun and games with Python vs C

August 2nd, 2008

I’m using Python to test the code generated by a C compiler.  Many of the tests are along the lines of:

a = 5
b = 10
result = run_c_code_for_add_in_emulator(a, b)
assert result == a + b

This works fine except when dividing integers with rounding. Under GCC on x86, -100/30 is -3, but in Python -100//30 is -4.  Hmm.

This has the interesting side effect that in Python 2.5 -a/b != -(a/b).

The work-around seems to be to do the truncation explicitly: int(float(a) / float(b)) gives -3.

Big Mac Calories

July 20th, 2008

Why does a NZ Big Mac have 464 calories, a UK one 495, and a US one 540?  It might be differences in weight but it’s hard to tell.

Seen on reddit

January 31st, 2008

A man goes to his doctor and tells him, “I’ve had the song ‘What’s New Pussycat’ stuck in my head for weeks, and it’s driving me crazy.”

The doctor says, “Well, I think you may have Tom Jones disease.”

The man says, “I’ve never heard of that. Is it rare?”

The doctor says, “It’s not unusual.”

Moving to Dreamhost

December 13th, 2007

Thought I’d move from Rimu Hosting to Dreamhost.  The VPS we’re on is just too slow and anything that brings the load down is good.

I can’t move the secure sites as Dreamhost doesn’t provide any type of SSL, even a self-signed cert from the wrong address, without switching to a static IP and handing over $50 US a year.

And as always happens, I got part way into the move and accidentally broke something on the original and had to do a rush switch.  Ah, well.

Comparing integers

December 13th, 2007

Notes for next time:

You can check if the unsigned integer ‘a’ is greater than ‘b’ by adding the ones’ complement of ‘b’ to ‘a’ and testing the carry.  A two’s complement subtraction doesn’t work as a > 0 is always false.

Signed integers are similar but you first add 0x80000000 to both a and b.  This makes both unsigned without changing the order.

Test after move

December 6th, 2005

All relocated and imported. Now does posting work?

Engines for metaphilter++

September 20th, 2005

Django looks quite decent. Python (not PHP - good), built in basic admin, built in basic user accounts, and the template system is directly applicable to metaphilter.

I’ll give it a try using sqlite 3.2.6 and pysqlite 2.0.4.

Planet Planet Planet

September 3rd, 2005

Planet Planet Planet Mushrooms Mushrooms!

Automatic PC fan control

June 12th, 2005

Use an Atmel ATTINY26 as a serial port based fan controller for a PC. Tracy’s machine is very noisy but has built in sensors for the CPU and case temperature. Use a PC app to do closed loop control on the temperature. Run it hot-ish as the cooling effect increases with the temperature differential, so the hotter it runs the slower the fan needs to run.

Use a FET for the fan drive. The reset case on the micro will be full noise. Could also use the on-board ADC and a resistor divider to sense the back EMF when the PWM is off to get an idea of fan speed.

It should be very cheap - the micro is $6.20 and there is _very_ little support circuitry. Instead of using the CPU’s sensor, you could add 1-wire or similar temperature gauges directly to the Atmel, but at significant additional cost.