Archive for March, 2008


Hooray!! Today is Document Freedom Day 😀


Read Full Post »

As I mentioned before, in Linux, it is very simple to set up your own personal firewall. In fact, it is so simple that you only need about one minute (depending on how fast you can use your keyboard).

All you need to do is write the following script:

iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

That’s all! This mini-script will block everything (from the outside), except the connections you have started yourself. You may need to set up a few environment parameters first and make sure you have a fresh iptables installation (no rules already installed).
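A quick way to check the result against what the script promises, as an added example (not part of the original post): the function below reads the text printed by `iptables -S INPUT` and reports whether the policy is DROP, whether the ESTABLISHED,RELATED rule is present, and which leftover ACCEPT rules still let new inbound connections in. The function names and the sample listing are constructed for illustration; the loopback check goes beyond the post and shows that the two-rule script also drops new connections to local services on `lo`.

```python
import shlex

# Constructed sample of `iptables -S INPUT` output: the two rules from the
# script above plus a leftover rule from an earlier setup.
SAMPLE = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""


def _take(words, flag):
    """Remove `flag VALUE` from words and return VALUE (None if absent)."""
    if flag not in words:
        return None
    i = words.index(flag)
    value = words[i + 1]
    del words[i:i + 2]
    return value


def audit_input_chain(listing):
    """Compare `iptables -S INPUT` text with the two-rule personal firewall."""
    report = {"policy_drop": False, "established_accept": False,
              "loopback_accept": False, "other_accepts": []}
    for line in listing.splitlines():
        words = shlex.split(line)
        if words[:2] == ["-P", "INPUT"]:
            report["policy_drop"] = words[2:] == ["DROP"]
        if words[:2] != ["-A", "INPUT"] or _take(words, "-j") != "ACCEPT":
            continue
        states = _take(words, "--state") or _take(words, "--ctstate") or ""
        iface = _take(words, "-i")
        _take(words, "-m")  # the module name that carried the state match
        bare = words == ["-A", "INPUT"]  # no further match conditions left
        if bare and set(states.split(",")) == {"ESTABLISHED", "RELATED"}:
            report["established_accept"] = True
        elif bare and iface == "lo" and not states:
            report["loopback_accept"] = True
        else:
            report["other_accepts"].append(line)  # widens what the script allows
    return report
```

Any entry in `other_accepts` is a rule that was already installed and accepts traffic the two-line script was meant to block.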

Check out a few links with slightly more advanced versions of a basic personal firewall and some further explanations:

Read Full Post »

I recently switched from the Django SVN trunk to the newforms-admin branch, mainly because I wanted more control over the querysets which are used in the admin interface. In the end I had to patch the code myself to get it working, but the newforms-admin has a few other advantages (and disadvantages).


Everything is written in newforms. For administrative purposes this doesn’t really make any difference, but for django.contrib.auth it does. Until now the login and password reset/change forms were using oldforms too, and that was very annoying. With the newforms branch you can easily add all these nice admin features to your page.

For example, to add a “Password forgotten” feature, all you have to do is add some URL patterns:

File: yourproject/urls.py

from django.conf.urls.defaults import *
# Import only the two views that are wired up below
from django.contrib.auth.views import password_reset, password_reset_done
urlpatterns = patterns('',
    # ...
    url(r'^password/reset/$', password_reset, name='reset_password'),
    url(r'^password/reset/done/$', password_reset_done),
)

And make your own template:

File: registration/password_reset_form.html

{% extends "base.html" %}
{% block content %}
    <form action="." method="post">
        <table>
            {{ form.as_table }}
        </table>
        <p><input type="submit" value="Reset password" /></p>
    </form>
{% endblock %}

You’ll also need a registration/password_reset_done.html template and if you don’t like the default message a registration/password_reset_email.html template.



Since the Admin class is decoupled from the model classes, you’ll have to change all your models to get them working with the new system. Sounds harder than it is. All you have to do is make a new class, register it with the administration system and copy the contents of your model’s Admin subclass to the new one:

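from django.contrib import admin
from yourproject.blog.models import Blog  # hypothetical path: import your own model here
class BlogAdmin(admin.ModelAdmin):
    # Same options that used to live in the model's inner Admin class
    prepopulated_fields = {'slug': ('title',)}
    list_display = ('title', 'author')
    date_hierarchy = 'published'
admin.site.register(Blog, BlogAdmin)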

If you use third-party add-ons like django-tagging or django-registration they will not appear in your administration, but they will still work. Only a few apps are backwards incompatible.

Here’s a list of apps that I use:

| App | Compatible | Admin Support |
|---|---|---|
| django.contrib.* | yes | yes |
| django-registration | yes | no¹ |
| django-tagging | yes | no¹ |
| django-robots | no² | no² |

¹ There is no newforms-admin support, but with this app you don’t really need one.
² I submitted a patch to introduce newforms-admin support.

Apps that don’t use models are always compatible and, obviously, don’t need the admin interface.


Read Full Post »

So here they are:

  1. it’s free
  2. it’s faster
  3. it’s secure
  4. it’s simpler
  5. it feels good

1. Cost

Maybe it isn’t the primary reason to use a Linux server, but I just don’t get why people pay loads of money for a lot less freedom. Linux is free and will always be free. A Linux system administrator costs the same as any other sysadmin. Use Linux and give the money you save to charity!

2. Speed

There are many arguments and “Facts” out there about why one server system is better than the other. I guess in the end it depends on which software packages are used. But as a general fact: you can easily customize/optimize your Linux apps, unlike their proprietary software equivalents. You can start by compiling everything with all the powerful CFLAGS that your CPU supports. You can make real use of a 64-bit CPU. And it’s much easier to change one line in a config file with your favorite editor than to work your way through slow GUI windows, restart the whole system and hope you clicked the right check box.

3. Security

There are nearly no viruses known for Linux. It was always a multiuser, network-connected OS. From Day One it was designed to be safe. The firewall (iptables) is embedded directly into the hardware abstraction and blocks the bad guys before they even reach the application layer. Do I have to say more?

4. Simplicity

Package management is easy as hell. Type in two commands and your system is up to date (e.g. Gentoo: emerge --sync && emerge -uDN world, or Ubuntu: apt-get update && apt-get upgrade).
You need about 10 – 20 iptables rules to make a basic, but powerful and customized firewall. OK, iptables is a little confusing when you see it the first time, but once you’ve got it, you can write your own firewall in an hour max. And it works! Stable!
You also have a clear and transparent way to manage your startup services and/or handle them during runtime.
These are just some examples.

5. I love Linux

It just feels good to have an OS not made by a bunch of greedy bastards! It is made by people like you and me. And it is transparent: there are no backdoors that allow the company and/or the government to spy on you. And if someone tries to add backdoors/spyware/rootkits/etc., well, it’s open source, so there are always some people who browse through the code of a new app (out of curiosity or because they want/need to know how it works), and at least one of them will find the dubious code before the app gets spread around the world.

P.S. When I say Linux, I mean of course GNU/Linux.

Read Full Post »

<strong> is not <b>

Many people (actually only many web designers) are under the impression that it’s cool to use the <strong> tag instead of the <b> tag. Well, I’m not!

What’s the difference, you may ask? Actually a lot. <b> has a purely physical meaning: it stands for ‘bold text’ and it always will stand for bold text. <strong>, on the other hand, has a logical meaning: it’s used to highlight parts of the text. The key word here is ‘highlight’. How it’s highlighted in the end is the choice of the (stylesheet) author. The fact that most browsers auto-bold <strong> is no excuse to use it as a replacement for good old <b>.

Don’t get me wrong, <strong> is great and everybody should use it at least once a day. But always remember:

If you want strongly emphasized text use <strong>.
If you just want bold text, use <b>.

It’s exactly the same for <i> and <em>. Italic text is not the same as emphasis. Not on the web! In print media it makes sense to bring out the importance of a paragraph with italics because you have no other choice (OK, you have capitals and stuff, but do you want to read a whole paragraph written in caps?). But we are living in the third millennium and we have CSS to highlight our content in a lot of ways (color!)

Again: bold and italics are physical parameters of a letter. You can measure them. You can’t measure emphasis. Your brain gives parts of a text a stronger meaning than the rest. If you take a letter out of an important phrase, it loses its importance. If you take a bold letter out of a bold word, the letter is still bold!

If you still don’t get it then go on using FrontPage(tm or something) to make your websites… 😉

So why are there <b> and <i> tags? Because when HTML was “invented” nobody had any idea someone would still use it 20 years later 😉 So there are a lot of (X)HTML tags that are not important and some important tags are missing¹.

So what I do is, I use <strong/em> to support the meaning of text and <b/i> to assure the appearance of text.

¹ But HTML 5 is on the way, yeah!! 🙂

P.S. Don’t even think about underlining! Except hyperlinks of course.

Read Full Post »

Webcomic Tribute to Gary Gygax

A few days ago Gary Gygax died. I’m not really a D&D fan, but since all my favorite webcomics paid their tribute I’ll share it with you:

* PA was first,
* then QC (see blackboard),
* and quite a nice one from xkcd

Read Full Post »

A little demonstration of how to use Textile and Django’s (free)comment system to “take over” a site:

%{display: block; position: absolute !important; top: 25px; left: 25px; z-index: 100; background-color: red; font-size: 50px;}Your text here ... site hacked%

Textile allows CSS by default -> you can do anything with CSS -> so it’s quite easy to position any amount of HTML code anywhere on the site… Bad Textile!!! Give it a try and post the code example from above on your favorite Textile-powered site.

Apart from being a fun hack, it could be used to exploit users by overloading links, so that they point to phishing sites. So don’t allow untrusted people to use Textile markup!
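One way to defend a comment system against this, as an added example (not code from the original post, from Textile or from Django): pass the HTML that the Textile renderer produces from untrusted input through an allow-list, so that `style` attributes never reach the page and links keep only safe schemes. The tag policy, the names `CommentSanitizer` and `sanitize_comment_html`, and the sample markup are assumptions made for this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Example policy (an assumption): tag -> attributes that may survive; "style" is never listed.
ALLOWED = {t: set() for t in ("p", "br", "em", "strong", "b", "i", "span",
                              "code", "blockquote", "ul", "ol", "li")}
ALLOWED["a"] = {"href", "title"}
SAFE_SCHEMES = {"http", "https", "mailto"}
# Constructed sample: rendered HTML for a shortened form of the comment above.
RENDERED = ('<p><span style="position: absolute; top: 25px; left: 25px; '
            'z-index: 100;">Your text here</span></p>')

class CommentSanitizer(HTMLParser):
    """Rebuilds rendered comment HTML from allow-listed tags and attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.dropped = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:  # unknown tag: drop the tag, keep its text
            return self.dropped.append((tag, None))
        kept = ""
        for name, value in attrs:
            value = (value or "").strip()
            ok = name in ALLOWED[tag] and (
                name != "href" or urlsplit(value).scheme.lower() in SAFE_SCHEMES)
            if ok:
                kept += ' %s="%s"' % (name, escape(value))
            else:
                self.dropped.append((tag, name))  # e.g. ("span", "style")
        self.out.append("<%s%s>" % (tag, kept))
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:  # stray closing tags are ignored
            self.open_tags.remove(tag)
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_comment_html(rendered):
    """Return (clean_html, dropped) for HTML rendered from untrusted Textile."""
    parser = CommentSanitizer()
    parser.feed(rendered)
    parser.close()
    tail = "".join("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out) + tail, parser.dropped
```

The `dropped` list is worth logging: a `("span", "style")` entry on a comment form means someone submitted inline CSS.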

Read Full Post »