02.19.07

POW 0.1.0 preview available

Posted in POW at 10:55 am by David Kellogg

POW 0.1.0 (preview) is ready for download. It has some nice features.

  • Sunbird Support
  • Thunderbird Support
  • Flock Support
  • HEAD requests
  • more MIMEs
  • free watermelon

That’s right, you get a free watermelon with this version. New users will see this favicon.ico as a nice gift, or if not, a replaceable item. Sunbird and Thunderbird get to share in the port listening glory. These two lonely fellows need a little connectivity. I have no idea how my users will take up the opportunity to add a webserver where none existed before. I’m hoping for some creativity.

Another addition is better MIME support from the Mozilla engine itself. The old MIME list becomes a list of overrides. The upshot is you have to add almost no new MIME types. The one exception (see above) is favicon.ico, which uses the MIME, “image/x-icon”. Please add it yourself if you upgrade.

One caveat. Thunderbird and Sunbird POW addons should be considered development releases. The default ports conflict. The webserver still starts, I assure you, but the port conflicts may drive you nuts.

Have fun.

02.12.07

A firestorm only blows inward

Posted in POW at 8:52 pm by David Kellogg

It was a strange weekend as this one man team worked feverishly to douse the flames of security problems. First, from Italy, the disclosure of a directory traversal bug in POW 0.0.7. Strange, since I tested my own code (using Firefox), and many another new server using this fun trick. Better tools are needed to expose this bug.

Just try ‘GET /../../ HTTP/1.0’ and see what happens. Only bad happens. Almost as embarrassing, George from Tenable Security informed me that the wrong page is sometimes delivered to the user. The first bug is fixed in 0.0.9. The second bug fix will come later this week.
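The check that refuses the request line quoted above, as an added example that is not part of the original post and is not POW's code. A browser normally collapses `..` segments before it sends a request, so the check has to be exercised with raw request lines; DOC_ROOT and the function names are assumptions.

```javascript
// Added example, not POW's code. DOC_ROOT and both function names are hypothetical.
const DOC_ROOT = "/srv/pow/htdocs"; // assumed document root

// Parse "METHOD target HTTP/x.y" exactly as it arrives on the socket.
function parseRequestLine(line) {
  const m = /^([A-Z]+) (\S+) HTTP\/(\d\.\d)$/.exec(line.trim());
  if (!m) throw new Error("malformed request line");
  return { method: m[1], target: m[2], version: m[3] };
}

// Map a request target to a path under DOC_ROOT, or return null to refuse it.
function resolveTarget(target) {
  let p = target.split(/[?#]/, 1)[0];        // drop query string and fragment
  try {
    p = decodeURIComponent(p);               // decode once: %2e%2e%2f becomes ../
  } catch (e) {
    return null;                             // invalid percent-encoding
  }
  if (!p.startsWith("/") || p.includes("\0")) return null;
  const kept = [];
  for (const seg of p.split(/[\/\\]+/)) {    // treat "\" as a separator too
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (kept.length === 0) return null;    // would climb above the root
      kept.pop();
    } else {
      kept.push(seg);
    }
  }
  return DOC_ROOT + "/" + kept.join("/");
}

// Constructed sample request lines, sent raw rather than through a browser.
const SAMPLES = [
  "GET /../../ HTTP/1.0",
  "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0",
  "GET /docs/../index.html HTTP/1.0",
];
const RESULTS = SAMPLES.map((l) => resolveTarget(parseRequestLine(l).target));
```

This is a string-level check; a server that follows symlinks also needs to compare the file's real path against the root before opening it.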

This proves the adage of Steve Gibson that only time can prove security, not pronouncements, speculation or even good coding practices.

The good thing is that I built POW with security in mind. SJS files only execute in certain locations. The security holes never worked on password protected sites. I do not eval client data. I accept highly limited input to MySQL.

Others might shy away from disclosure, but really, it’s your software. I’d rather sacrifice numbers of users in exchange for assurance to the users that holes will be fixed quickly. And for speed, I fixed the vulnerability less than 24 hours after it was posted.

Dave

01.28.07

POW 0.0.9 preview available

Posted in POW at 7:38 pm by David Kellogg

POW 0.0.9 preview is available. It is there if you want to see any next-gen features. Rewrite rules were added. Rewrite rules allow you to rewrite urls on the fly. Most server admins know this through ‘.htaccess’. Here is the new functionality in action.

// htdocs/system/startup.sjs
<?sjs
 pow_server.REWRITE_RULES =
  [
   [ "dog/?(.*)$", "/cat.sjs?q=$1" ],
   [ /^\/Jason\/?(.*)$/i, "/cat.sjs?q=$1" ]
  ];
?>

This results in dog.html pointing to /cat.sjs?q=.html. This cleans up the problem of linking many fake directories to a single script.
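A small model of how such a rule table can be evaluated, added here and not POW's implementation. It assumes string patterns compile to unanchored regular expressions, the first matching rule wins, and the whole URL becomes the target with $n filled in, which reproduces the dog.html result above; it also shows why a rule should be anchored and its captures encoded.

```javascript
// Added model of a rewrite table; not POW's implementation.
const RULES = [
  ["dog/?(.*)$", "/cat.sjs?q=$1"],          // string pattern from the post
  [/^\/Jason\/?(.*)$/i, "/cat.sjs?q=$1"],   // anchored RegExp from the post
];

// Hypothetical stricter variant of the first rule, anchored at the path start.
const ANCHORED = [["^/dog/?(.*)$", "/cat.sjs?q=$1"]];

// Assumptions: strings become unanchored RegExps, first match wins, and the
// whole URL is replaced by the target with $n set to capture group n.
// With encode=true each capture is percent-encoded before substitution.
function rewrite(url, rules, encode) {
  for (const [pattern, target] of rules) {
    const re = pattern instanceof RegExp ? pattern : new RegExp(pattern);
    const m = re.exec(url);
    if (!m) continue;
    return target.replace(/\$(\d)/g, (_, n) => {
      const cap = m[Number(n)] || "";
      return encode ? encodeURIComponent(cap) : cap;
    });
  }
  return url; // no rule matched: serve the URL unchanged
}

// The page's own case.
const dog = rewrite("/dog.html", RULES, false);          // "/cat.sjs?q=.html"
// Unanchored: "dog" is also found inside "hotdog", so this is rewritten too.
const hotdog = rewrite("/hotdog.html", RULES, false);    // "/cat.sjs?q=.html"
// Anchored: the same request is left alone.
const hotdogAnchored = rewrite("/hotdog.html", ANCHORED, false);
// A capture containing "&" adds a second query parameter unless it is encoded.
const raw = rewrite("/jason/a&b=1", RULES, false);       // "/cat.sjs?q=a&b=1"
const encoded = rewrite("/jason/a&b=1", RULES, true);    // "/cat.sjs?q=a%26b%3D1"
```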

01.23.07

POW 0.0.8 is out

Posted in POW at 9:49 am by David Kellogg

POW 0.0.8 is live today. The great new feature for this version is Infinilink. Infinilink allows you to use my humble server for redirects to your ever-moving home server. Your problem and mine is that your ISP gave you a non-static IP. Infinilink gives you a static link through davidkellogg.com that redirects to your content.

Sound complicated? It’s not. Click on the infinilink link at localhost:6670 and follow the instructions. Please use port 6670, since that’s the way I set it up.

What’s next? Email your friends to show them your brand new static server.

Other new features include

* startup.sjs file — invoked on server startup
* cron jobs — SJS code run every minute, hour or whenever

These are documented.

Dave

12.12.06

Rapid Extension Prototyping with Plain Old Webserver

Posted in POW at 2:09 pm by David Kellogg

Recently I used SJS to prototype internationalization code. Here’s how it works.

I found what appeared to be a word separator at XUL Planet http://www.xulplanet.com/references/xpcomref/ifaces/nsISemanticUnitScanner.html

The real problem I have is that I need to separate English or German words. That’s easy enough, but what about Chinese? I need a general-purpose separator that can tokenize (in URL-encoded speak) ‘%E6%9C%88’ or ‘月’. That’s the Chinese word for month. Imagine three of these characters in a row. Where does one character end and the other begin? The difficulties mount. So it’s time to try some XPCOM in Firefox using the Plain Old Webserver.

Here is i18n.sjs:


<?sjs
// Ask Mozilla's semantic unit scanner where the first word ends.
try {
  var scanner = Components.classes["@mozilla.org/intl/semanticunitscanner;1"]
    .createInstance(Components.interfaces.nsISemanticUnitScanner);
  var text = decodeURI("%E6%9C%88%E6%9C%88"); // two copies of the character 月
  //var text = "An apple a day";
  scanner.start(null);
  // begin and end are out-parameters; the scanner fills in their .value
  var begin = new Object();
  var end = new Object();
  var next_available = scanner.next(text, text.length, 0, false, begin, end);
  var sub = text.substring(0, end.value);
  alert("first word is " + sub);
} catch(e) {
  alert(e);
}
?>

I just drop this code into the ‘htdocs’ directory, and wammo, I have my result. The first word break is at position 1 for Chinese. The English word break is at 2 if you uncomment it.

11.29.06

POW 0.0.6 is out

Posted in POW at 9:47 pm by David Kellogg

The latest Plain Old Webserver can be found here. Further documentation can be found at my wiki.

Funny thing about the wiki. I used the one-click install through my web hosting service, and there’s A LOT of work until it looks as nice or works as well as wikipedia. I have to jump into .htaccess to create directory rewrites. I was hoping the file rewrites would come standard. Overall, I’m just happy to know it works.
