Tuesday, October 16, 2007

Choosing a CMS ... Will Python make it

This post is not related to programming per se; feel free to skip it ...

"We" are in the process of revamping our web site, and use a CMS. We have just signed off on the first part of the project (new look and wireframe) and are looking at the second (and "final") stage. As we are too small to afford a commercial solution, we are looking at open source CMS. So far, the preferred choice of our director of technology is Alfresco. The choice recommended by our usual technology provider is Joomla! My favourite would likely be Plone - given it is written in Python ;-)

Normally, we would proceed with a public tender - but given that there are few local providers, we may just proceed with the same firm that provided services in phase one. However ... If some of you reading this have work experience in this area, and would be interested in such a project, have a look at our current web site, and give me an informal time/cost estimate of migrating this website to use a [Python based? ;-)] CMS. If we do proceed to tender, you would most likely be included in our list of firms contacted to submit an offer.

Friday, August 31, 2007

pyglet and pygame: which one?

Pygame is great. Pete Shinners has done some fantastic work in creating it. I have played a bit with it in the past and was planning to learn to use it better, and probably write some Crunchy-based tutorials for it. Unfortunately, this will not happen. Since I moved from a PC to a Mac, and installed Python 2.5, I cannot use Pygame, as there is no ready-made version for my setup. Yes, I imagine I could find out how to compile it from the source ... but there is an easier alternative: pyglet. pyglet is a pure python library, with no external dependencies. I downloaded it, tried it ... and it just worked. Not only that, but when Python 2.6 comes out, I know it will still work.

I do realise that pyglet is just in alpha stage ... but it's a very impressive alpha. It is not as fully featured as Pygame is ... but it works for me, thanks to Alex Holkner.

If you're currently using pygame, there's probably no reason to switch. But if, like me, you find that you cannot use pygame with your current setup, check out pyglet. You might be pleasantly surprised.

Python 3.0a1 has been released!

Congratulations to all Python developers on the release of Python 3.0a1!

My favourite language is on its way to get even better!

Tuesday, August 07, 2007

Crunchy-like sites for javascript and ruby

While I have been aware of the Try Ruby site for quite a while, recently I came across this interactive javascript tutorial. While none of these are nearly as flexible as Crunchy, they are nice resources that are currently available for anyone to try without needing to install anything. It would be nice if I could have a dedicated server running Crunchy in a sandbox so that people could try it out without having to download it.

flat is better than nested?

In the process of making Crunchy more secure, I paid extra attention to css files that contained import statements, since these can be used to insert javascript code. I was rather surprised when I looked at www.python.org. First, I noticed the line
  <link rel="stylesheet" type="text/css" media="screen" id="screen-switcher-stylesheet" href="/styles/screen-switcher-default.css" />
which, in itself, appears rather ordinary. Upon following the link, I found that the content of the css file consists of the single line:
  @import url(../styles/styles.css);

In its default security mode, Crunchy just ignores any style information that contains "url(" in it. As a result, when viewed using the default security mode for Crunchy, the python.org site's formatting is lost.

I wonder why the link redirection is used...
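As an added illustration of the policy just described (this is not Crunchy's own filter code): a small Python filter run on a constructed stylesheet modelled on the python.org @import line. It shows both the whole-stylesheet behaviour described above and a per-statement variant that keeps the harmless rules.

```python
import re

# Constructed sample stylesheet: the python.org @import line quoted above
# plus two ordinary rules. Not real Crunchy input.
SAMPLE_CSS = """
@import url(../styles/styles.css);
body { color: #333; background: URL("images/bg.png"); }
h1 { font-size: 2em; }
"""

# CSS allows whitespace before '(' and the keyword is case-insensitive.
URL_RE = re.compile(r"url\s*\(", re.IGNORECASE)
# Top-level statements: an at-rule ending in ';' or a 'selector { ... }' block.
STATEMENT_RE = re.compile(r"[^{};]+\{[^}]*\}|[^{};]+;")


def crunchy_default(css):
    """The behaviour described in the post: if 'url(' appears anywhere,
    the whole stylesheet is ignored (returned as empty)."""
    return "" if URL_RE.search(css) else css


def split_statements(css):
    """Return the top-level CSS statements, with /* comments */ stripped
    first so that a commented-out url( cannot hide a real one."""
    css = re.sub(r"/\*.*?\*/", "", css, flags=re.DOTALL)
    return [s.strip() for s in STATEMENT_RE.findall(css) if s.strip()]


def filter_css(css):
    """Per-statement variant (assumption: an illustration, not Crunchy's
    code): drop only the statements that contain url(, keep the rest.
    Returns (kept, dropped) so a caller can log what was removed."""
    kept, dropped = [], []
    for stmt in split_statements(css):
        (dropped if URL_RE.search(stmt) else kept).append(stmt)
    return kept, dropped


if __name__ == "__main__":
    print("whole-stylesheet policy keeps:", repr(crunchy_default(SAMPLE_CSS)))
    kept, dropped = filter_css(SAMPLE_CSS)
    print("per-statement policy keeps:", kept)
    print("per-statement policy drops:", dropped)
```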

Saturday, July 28, 2007

Crunchy Security Advisory

A security hole has been uncovered in Crunchy (version 0.9.1.1 and earlier).

Anyone using Crunchy to browse web tutorials should only visit sites that are trustworthy.

We are working hard at fixing the hole; a new release addressing the problems that have been found should be forthcoming shortly.

-----

The security problem is as follows:

In theory, a web page could contain some javascript code (or link to such code) that would bypass Crunchy's filter and be executed by the browser. If that is the case, the javascript code could be designed to send some Python code directly to the Python backend (i.e. without the Crunchy user pressing a button, or having the chance to view the code to be executed) so that it is executed. Such code could result in deleting the user's files or installing some virus on the user's machine.

At the moment, the risk is pretty low. Crunchy already removes all obvious (and most non-obvious) javascript code, links to such code, etc. The holes found require the use of some uncommon combination of html and css code, with a particular knowledge of Firefox.

(Note that browsers other than Firefox are likely to be even more vulnerable).

Furthermore, Crunchy is not so well known that it is likely to be targeted by a cracker who would 1) write a "tutorial" interesting enough to lure current Crunchy users (who, at this point, are likely to include only advanced Python users) and 2) write some fairly involved javascript code to bypass the second security layer (where the commands enabling communication between the browser and Crunchy are made up of random strings generated uniquely at each new Crunchy session).
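An added sketch of that second layer, written for this page and not taken from Crunchy's sources: the backend only routes a request to the Python-executing handler when it arrives under a command name generated at random for the current session, so script that slipped past the filter would still have to guess the name. CrunchySession, exec_command and dispatch are names assumed here for the illustration.

```python
import secrets


class CrunchySession:
    """Illustrative per-session dispatcher (assumption: not Crunchy's own
    code). Each session mints a fresh random command name for 'run this
    Python code'; anything else is rejected before reaching the backend."""

    def __init__(self):
        # 16 random bytes -> 32 hex chars; regenerated every session.
        self.exec_command = "exec_" + secrets.token_hex(16)
        self.handlers = {self.exec_command: self._run_python}
        self.executed = []  # record of what reached the backend

    def _run_python(self, code):
        # Stand-in for handing code to the Python backend: just record it,
        # so the example is safe to run as-is.
        self.executed.append(code)
        return "ok"

    def dispatch(self, command, payload):
        """Route one browser request. Unknown command names, including the
        guessable 'exec', are refused and never touch the backend."""
        handler = self.handlers.get(command)
        if handler is None:
            return "rejected"
        return handler(payload)


if __name__ == "__main__":
    session = CrunchySession()
    print(session.dispatch("exec", "import os"))            # rejected
    print(session.dispatch(session.exec_command, "1 + 1"))  # ok
```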

If anyone is interested in security issues related to Crunchy, feel free to contact me directly.

Tuesday, July 10, 2007

Rur-ple 1.0rc2 : bug fix for wxPython 2.8

Three changes; a grand total of 3 lines of code. That's all I needed to change to make rur-ple work with wxPython 2.8 (and probably 2.7). It only took me 8 months to get around to fixing it, due to a combination of lack of time and, when I had time, my obsession with Crunchy.

Speaking of Crunchy, I found a bug today: any Python output that contains something like
< ..... >
will have the text between the angle brackets hidden, because the browser thinks it is a valid tag. The first time I noticed it was when I tried to do help(cmp). Then, I was going through "how to think like a computer scientist" (before I point my son to it) and noticed that the exercise with type(...) did not work. So, it is time to do a bug fix release - but no official announcement of this minor release. I'm curious to see if I'll hear from someone about this bug prior to the next "major" release.