Older blog entries for cdent (starting at number 187)

14 Apr 2012 »

20120414

Started working on a tiddlywebplugins.cors following discussion with neumark.

In that discussion I expressed some concerns:

  • Can the code replace the AllowOrigin middleware in the tiddlyspace code?
  • If we do either preflight checks (via OPTIONS) or allow auth over CORS (via Access-Control-Allow-Credentials) are we opening a big security hole on TiddlySpace? Transcribed (with edits) from the emails:


I suspect it would be okay to enable cors preflight in a tiddlyweb installation that was a single domain, but the CORS exchanges that could do writes, in the tiddlyspace multi-domain environment, have the potential to be a big mess (bigger than the existing mess).

The main scenario goes something like this:

  • I visit space X as user Y.
  • Space X runs code which delete's Y's stuff, as user Y, without Y knowing about it and without X ever knowing Y's auth credentials (the browser, executing the code, knows the credentials).

Right now, code in space X can only (usually) write to entities that are part of space X. CORS control prevents PUTs and DELETEs to other domains, and the server-side DropPrivs middleware makes sure that operations against entities which are only included in (not natively a part of) space X happen only as GUEST.

It's messy.

Someone using curl would need to know user Y's credentials to have
similar powers.

Of course this discussion has happened so many times there may be
errors or omissions that mean it's wrong...

Syndicated 2012-04-14 17:06:01 (Updated 2012-04-14 17:06:39) from cdent

13 Apr 2012 »

20120413

Had to block (on tiddlyspace.com) a bot, claiming to be from nerdbynature.net, for spidering too aggressively for too long. A search around the web suggests that maybe (but not certainly) that the bot doesn't behave appropriately with regards to robots.txt.

Syndicated 2012-04-13 21:27:57 from cdent

12 Apr 2012 »

TiddlySpace 1.0.95

  • Corrections to a long standing bug on the 404 page displayed when a resource cannot be found.
  • Addition of an editor key to ServerSettings. See the commit message.

Syndicated 2012-04-12 19:39:17 from cdent

12 Apr 2012 »

How to get more likes on Facebook - The Oatmeal

Syndicated 2012-04-12 18:09:54 from cdent

12 Apr 2012 »

I have a TiddlyWiki plugin that creates tiddlers that won't save. Why?

This is a stub, for now, see this thread, which links to several useful resources:

error saving when creating from formTiddler macro

Syndicated 2012-04-12 14:36:22 from cdent

12 Apr 2012 (updated 12 Apr 2012 at 20:11 UTC) »

20120412

Noting an idea I want to remember if don't get around to implementing it today:

Change the missing tiddler 404 page so that it refers to environ['tiddlyspace.editor'] for which editor (and uri template) the current space uses. The information would come from ServerSettings, defaulting to takenote (the existing setting).

Once (if) the per user settings described in 20120302 are implemented, editor would make more sense in there.


Released TiddlySpace 1.0.95 which implements a modified version of the above.

Syndicated 2012-04-12 13:55:15 (Updated 2012-04-12 19:43:29) from cdent

12 Apr 2012 »

Energy and Information

A friend (who works at a big international bank) recently asked: Apple, Facebook, Microsoft, Amazon, Google. a) Does the world really need all of these? b) How are they going to square off and/or perish?

Another friend (who works at one of the companies named above) jokingly responded saying "No, we just need more banks." His response inspired my response:

I think we can pretty sure that at least Google and Amazon will be banks in the not too distant future. They are experts in moving and managing information and all currency really is is a specialized form of information.

Riffing from there I would guess that there will be more very large so-called technology companies as the "information as currency" notion embeds itself. We'll go through several cycles of company creation, growth and consolidation.

In a sense there's nothing new going on here, the same business cycle that's been normal since at least the start of the industrial revolution. It's just that the priority or market is clarifying.

We're moving to a period where there are only two important
commodities: Energy and Information.

Companies like Google, Facebook and Amazon are developing expertise in both.

Interestingly one is scarce and the other effectively infinite (but unwieldy). I suspect that is not a coincidence.

Likely nodal points in the future that will impact how these companies survive, interact, die or thrive:

  • If/when energy becomes less scarce (i.e. effective fusion, economic solar).
  • If/when there is a backlash against companies holding information that "belongs" to individuals in escrow.

I want these nodes to get here as quickly as possible.

Syndicated 2012-04-12 13:44:21 (Updated 2012-04-12 13:45:23) from cdent

11 Apr 2012 »

20120411

Continued editing in tiddlyweb, lots more still to do.

Syndicated 2012-04-11 16:52:20 (Updated 2012-04-11 16:52:26) from cdent

11 Apr 2012 »

What is a bag for?

A bag acts as a container for tiddlers. As a container it provides several related functions:

  • A bag provides a topical domain for the tiddlers. Tiddlers in bag X are related to some topic, concept, purpose, application, etc. For example all the tiddlers in the teamtasks bag are general data and code for running a teamtasks application whereas the tiddlers in the notes bag are random gatherings of tiddlers.
  • A bag provides an authorization domain through the use of policies.
  • A bag provides a building block for recipes.

These functions are implemented at the level of the bag rather than the tiddler to make the functionality easier to manage on a few dimensions: in the minds of people using them, in application design, and in code.

It should be noted that a bag does not have to indicate any sense of topicality: it's a place to put things and there is no obligation that those things be the same in any particular way.

Syndicated 2012-04-11 16:38:42 from cdent

11 Apr 2012 »

renderer

In TiddlyWeb a renderer is a code system that takes a tiddler as input and returns an HTML form. It is used by the HTML serializer to generate the HTML content, usually turning wikitext syntax into HTML with a wikitext renderer, such as WikklyText or twikifier. This functionality was originally fully in the serializer, but it became clear with use that being able to support multiple syntaxes would be useful.

Two config items control how wikitext in tiddlers is rendered. They are wikitext_renderer and wikitext_render_map.

If the HTML form of a tiddler is requested and the type attribute on the tiddler is not set its content will be rendered by the default wikitext_renderer. In the default installation wikklytextrender is used. If the TiddlyWebWiki package has not been installed, then the raw renderer is used, wrapping HTML escaped content in <pre> tags.

If the HTML form of a tiddler is requested and the type attribute begins with text/ and the type attribute is present as a key in wikitext_render_map the value in the map is used to identify the module which contains the render() method for that type.

See also: Can I get a rendered tiddler as JSON?

Syndicated 2012-04-11 16:34:07 from cdent

178 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!