Archive for January, 2011

Jan 07 2011

hsflickr upload fails if tags list supplied is non-empty

Published by Dougal under Bugs, Programming

My recent post on Flickr authorisation mentioned a problem I was having trying to upload images. I was receiving an “invalid signature” message but only when attempting to upload images. Other actions (looking for new uploads, searching for tags) were all performed without trouble.

The upload fails if you supply a non-empty list of tags to the hsflickr library. In short, uploading images works like this:

uploadPhoto filename title description tags attributes

The upload will fail if the tags argument is non-null. That is, supplying tags at the point you upload the image will result in an error. Thankfully the workaround is short:

photoID <- uploadPhoto filename title description [] attributes
addTags photoID tags

Supply an empty list of tags for the initial upload, and when that succeeds use the resulting photo ID to set the real tags afterwards.

When I work out what the underlying issue is I’ll post a patch here (and punt one upstream).


Jan 06 2011

Reflections on tea drinking

Published by Dougal under Humour, Life

Over Christmas we stayed with Helen’s parents, though they left on Boxing Day for Forn Parts. Sadly we both got quite ill on the 27th of December. We made it as far as the medicine cabinet in the morning and the sofa in front of the TV in the afternoon. And through all that we couldn’t have a single cup of tea because there was no milk.

I consoled myself by reading Hugh Fearlessly Eats It All, a collection of Hugh Fearnley-Whittingstall’s columns, which includes a hilarious, in-depth and overblown guide to tea-making. Read it, I insist: skip down to the paragraph beginning “That’s all changed. Now, to make my tea…” and boggle.

Hugh’s convoluted method is of course just the latest in the long list of articles written in pursuit of the Perfect Cuppa™. The most famous I know of is George Orwell’s A Nice Cup of Tea though there are definitely others. (Edit — As if to prove the point, I’ve just spotted Christopher Hitchens writing about the same topic at citing Orwell too.)

When I couldn’t face any more reading we watched Wallace and Gromit in The Curse of the Were-Rabbit, which has DVD extras including interviews from people around the world explaining why they like Wallace and Gromit so much. The Japanese lady explaining the insight into English life and how much tea they drink was particularly amusing. This from the nation that invented the tea ceremony!

Discussion of tea without milk will not be entertained.


Jan 02 2011

Password too short

Published by Dougal under Programming

This is the kind of post that I write on occasion, and people tell me for weeks later, “yeah, I read your blog but I don’t understand it”. This is another one of those posts.

I was upgrading a password system for a quick web application. The initial design stored plain text passwords in the database, with the only constraints being they had to be alphanumeric strings less than 100 characters long. I had created some test users which I wanted to keep using after moving over to a salted-hash password system.

I decided to store the salt and hashed password together in the original password field, which is easy to do if you know how long your salt is. The salt is also used inside the hash function, but we store it on the front of the result too.

salt = "12345678"
pass = "secret"
hash = salt + digest(salt + pass)

I thought I would be sneaky and change my password in the database to use this scheme before I enabled the code. That way I wouldn’t lose the ability to log in as this user — because there’s no way I could find a password that could be hashed to “secret”!

$ php -r 'echo ("saltsalt" . md5("saltsalt" . "secret")) . "\n";'
saltsaltb857da9b2f51247b63107cc8a3e38c02

So I manually change my password to saltsaltb857da9b2f51247b63107cc8a3e38c02, upload the new authentication code and get locked out.

Why? Well I changed the password constraints at the same time, and my password was too short! After all that I registered again anyway. It never hurts to exercise some of the code a bit more.
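
The layout above as an added Python example (not the post's own code): a fixed-length salt stored in front of the digest in the existing password column, with PBKDF2-HMAC-SHA256 swapped in for the post's md5 and a constant-time comparison. `MIN_LEN`, `ITERATIONS`, every function name and the idea that the new length rule ran at login are assumptions; the post gives none of them.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 8           # characters, as in the post's "12345678" / "saltsalt"
MIN_LEN = 8            # assumed new minimum; the post does not state the value
ITERATIONS = 100_000   # assumed PBKDF2 work factor


def _digest(salt, password):
    # PBKDF2-HMAC-SHA256 swapped in for the post's md5(salt . pass)
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
    return raw.hex()


def hash_password(password):
    """Build salt + digest(salt + pass) for the existing password column."""
    salt = secrets.token_hex(SALT_LEN // 2)  # random 8-character salt
    return salt + _digest(salt, password)


def set_password(password):
    """New or changed passwords: the length rule is enforced here."""
    if len(password) < MIN_LEN:
        raise ValueError("password too short")
    return hash_password(password)


def verify(stored, candidate):
    """Split the fixed-length salt off the front and compare in constant time."""
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    return hmac.compare_digest(_digest(salt, candidate), expected)


def login_with_policy_check(stored, candidate):
    """Assumed shape of the lockout: the new rule also runs at login."""
    return len(candidate) >= MIN_LEN and verify(stored, candidate)


def login(stored, candidate):
    """Authenticate against the hash only; report stale passwords separately."""
    if not verify(stored, candidate):
        return "denied"
    return "ok" if len(candidate) >= MIN_LEN else "ok-must-change"


if __name__ == "__main__":
    migrated = hash_password("secret")                  # constructed legacy account
    print(login_with_policy_check(migrated, "secret"))  # False: locked out
    print(login(migrated, "secret"))                    # ok-must-change
```

Keeping the length rule in `set_password` and returning a must-change status from `login` lets migrated accounts authenticate once and then be forced onto a compliant password.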
