John Leach's Blog

• CIA Freedom of Information - Publish Your Own

  June 28th, 2007

  The CIA Freedom of Information website had the dumbest security hole in it.  With all the recent hoo har about the “Family Jewels” documents, you’d expect they’d do a quick once over on this stuff.  All the textual content on the document view pages is generated directly from variables passed in the url - with no input validation.

  This opens them up to cross site scripting attacks (XSS) and really is just stupid.  Lucky they aren’t the GUARDIANS OF THE LARGEST CACHE OF SENSITIVE INFORMATION IN THE WORLD or anything - *phew*.

  Anyway, using this bug, I made a website where you can write your own documents and publish them on the CIA FOIA website:

  http://geekz.co.uk/cia-foia/

  I guess that from tomorrow, any mail for me should be addressed to Guantanamo Bay.

  Actually, technically you’re the ones doing the exploiting by using the links my site provides - so, you know, at your own risk and all that.

  An example here.

  Tags:

  Posted in Politics, Tech | 2 Comments »

• local and remote subversion repositories with Capistrano 2

  June 17th, 2007

  Peeking at the code of the upcoming Capistrano 2, I noticed you can define different scm variables for remote and local use, which is something I need (I was looking at the code in the hope it could do this :)

  So, say I have my code stored in a subversion repository on my local disk, say file:///project/trunk. That’s fine for when Capistrano is querying the latest revision, but the remote servers need to use the repository url svn+ssh://mymachine/project/trunk.

  Without modifying the code, this was impossible with Capistrano v1. With Capistrano v2, you can prefix any scm configuration variable with local_ and it will be used for local operations:

  set :repository, "svn+ssh://mymachine/project/trunk"
  set :local_repository, "file:///project/trunk"

  Tags: capistrano, deployment, rails, ruby, subversion, svn

  Posted in Ruby on Rails, Tech | No Comments »

• Leeds Ruby on Rails Talk

  June 5th, 2007

  I’m talking about Ruby on Rails at the West Yorkshire Linux User Group on Monday 11th June 2007. I’ll be covering what Rail is, how it works, and how you use it. Starts at 1900hrs at the E.C Stoner (snigger) Building at the University of Leeds. There follows a talk about Sun’s ZFS file system by Tom Hall, then we retire to The Victoria Hotel pub for some real ale and whatnot.

  I’ll be the tall one with the curly hair… stood at the front… talking about Ruby on Rails.

  Directions and stuff to be found on the WYLUG website.

  Tags: rails, ruby, talk, wylug

  Posted in Ruby on Rails | No Comments »

• You are currently browsing the archives for June, 2007.

• About

  • John Leach is a human being living in Leeds, UK.

• Navigation

  • Home
  • Personal posts
  • Techie posts
  • Political posts
  • Photography posts
  • Archive
  • Tag Cosmos

• Twitter

  • John issues an xmas present update: gifts of time will be graciously accepted, especially through cooking and particularly baking 1 hr ago
  • More twitter updates →

• Author Stuff

  • Compost This
  • ELER Web Comic
  • FOSS Hole
  • New World Odour
  • News Sniffer
  • Photography
  • Profile and History
  • Recycle This
  • The Gillroyd Parade
  • Website

• Friends

  • Gianni Tedesco
  • Ian Higgins
  • James Harrop
  • Louisa Parry
  • Matt Hall
  • Matt Lee
  • Neil Briscoe
  • Neil Moss
  • Sleepy Kev
  • Tom Hall

• Stuff

  • Brightbox Rails Hosting
  • Grammatica
  • ifup
  • Indymedia
  • Media Lens
  • Mia Bambina
  • News from nowhere

• Meta

  • Register
  • Log in
  • Entries RSS
  • Comments RSS

• Search

The text of this blog is licensed under the Creative Commons BY-ND license