Softcore software development
It's all about the cycles

Archive for November, 2008

A lot has changed in 4 years


I was bored today. I tried getting Dreamhost to play nice with Django, but they were impartial about the whole idea. It’s not officially supported, so I can’t send angry emails to Dreamhost. In the quest to look for different providers in the future, I found out that my ISP still had some old files that I made back when I was in high school, and beginning college. Back in my old ‘just learning to program’ days.

Ahhh the memories.

I was a big Pokemon/mIRC nerd back then. Yes, Pokemon was still popular to a niche few of us who haven’t grown up completely. It really was a misunderstood strategy game. Definitely a lot more than most people suspect. I stopped playing after the Ruby/Sapphire versions required you to battle for stupid EVs. But I won’t go there (once you know so much, the game gets to be less fun for stupid reasons).

So here is a flashback with links to some of the stuff I did back in the ol’ days :

Revised RBY Bot : this was my first big programming project. I wrote an R/B/Y Pokemon battle simulator in mIRC script. It was revised because the first one I did, I took a break from programming after I finished it, and when I went back to it, I couldn’t figure out what the hell I did. I used the worst programming methodology ever: I wrote the entire engine before debugging. No lie.
So I rewrote it, knowing better the second time. It took a while, but I open sourced it (under no license. In fact, I don’t recall even knowing what open source was. I just gave away the source code. But the objective was pretty much the same).
I pursued this project because there was a competing script authored by someone who wasn’t much liked in the community, but they put up with him because he had a more advanced Pokemon Battle Simulator script (his popularity, IIRC, plummeted when he gave it away to someone else/someone stole it. Rumors were that someone stole it by pretending to be a girl. But that sounds like a complete lie).
So I wrote one because I was fascinated by programming.

I made a blackjack mIRC script. It was fairly popular. I remember giving this away freely too.

MusicTron : A music player was another fun thing I did in mIRC script. I don’t think it was very popular.

Visual GSbot : Because all the advanced Pokemon battle simulators were on IRC at the time, they were all command-line. This was an attempt to parse the output of the code and give it a visual representation.

One of the 2004 Olympics. The Olympic flame looks like it is being used to light a giant joint:
2004 athens olympics


Wow. I haven’t done ambitious projects like those in a while.


November 21st, 2008 |

Tags: lazy, personal




addParser.py


Synopsis :
python addonParser.py extension.xpi

Description :
A simple Python script that lexically analyzes Firefox extensions, trying to find any problems. It prints any problems it finds to the terminal.

Requires :
Python Imaging Library

Notes :
Writes any .jar files into the $PWD/temp/ directory.

Breakdown of output :
examing chrome/ (13)
examing chrome/content/ (13)
examing chrome/content/botOFF.png (13)
examing chrome/content/botON.png (13)
examing chrome/content/dowint.css (13)
examing chrome/content/dowint.js (13)
examing chrome/content/dowint.xul (13)
        WARNING: http://dowint.net/inc/js.php does not start with chrome:// and not a local file for file chrome/content/dowint.xul (5)
examing chrome/content/logo.gif (13)
        WARNING: Image chrome/content/logo.gif does not match it's extension. Expected GIF, got PNG (2)
examing chrome.manifest (13)
examing install.rdf (13)

Numbers in parentheses at the end of each line are for debugging only; they match the check numbers listed under Checks and Errors below.
Text in square brackets is often the source of the problem (used when evaluating JavaScript files).

Types :
Warning – something is wrong or possibly needs some examining
Error – I don’t know how to evaluate this (eg. files that I wasn’t expecting, or files that I don’t know how to properly evaluate)

Quirks (some people call these bugs) :

  1. Sometimes it gives you information, but not enough context:
    WARNING: found XMLHttpRequest [var req = new XMLHttpRequest();] in file content/hrtoolbar.js (9)
  2. Sometimes the output is extremely long because the js file was minified:
    WARNING: found XMLHttpRequest [var CC=Components.classes;var CI=Components.interfaces;var ... ]
  3. False positives can be quite common :
    WARNING: found reference to outside source [@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");] in file skin/webwean.css. (8)
    (This is a common false positive in CSS files, though it has found a real problem once.)

Undecided Issues :

  • What to do about .dtd and .properties (should anything be done for these files?)
  • Should XHR throw up a warning? It’s fairly common, and we’re really just worried about eval.

Checks and Errors :

Error  Problem
1      Image file is not an image file
2      Image file extension does not match its type
3      XUL file is invalid XML
4      Inline JS
5      The src for a script tag was not a chrome:// url nor a local file
6      Invalid keyboard shortcuts (Macs require alt + another modifier)
7      iframe content type is not content
8      CSS file has an outside reference
9      XHR found
10     Javascript eval keyword found :p
11     Javascript loadSubscript found
12     Javascript new Function()
13     Log message
14     RCS directory found. Could be sensitive to the author.
15     A binary component has been found
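
A few of the checks in the table (1, 2, 5, 10, 11 and 12), sketched as an added example. This is not the addonParser.py code from this post: the function names are hypothetical, image types are detected from magic bytes rather than with the Python Imaging Library, and the sample archive is constructed in memory.

```python
import io, os, re, zipfile

# Magic bytes stand in for the Python Imaging Library the original tool uses.
MAGIC = {"PNG": b"\x89PNG\r\n\x1a\n", "GIF": b"GIF8", "JPEG": b"\xff\xd8\xff"}
EXT = {".png": "PNG", ".gif": "GIF", ".jpg": "JPEG", ".jpeg": "JPEG"}
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)
# A src with any URL scheme, or protocol-relative (//host/...), is not a local file.
HAS_SCHEME = re.compile(r"^(?:[a-z][a-z0-9+.-]*:|//)", re.I)
JS_CHECKS = [(10, re.compile(r"\beval\s*\(")),
             (11, re.compile(r"\bloadSubScript\b", re.I)),
             (12, re.compile(r"\bnew\s+Function\s*\("))]

def scan_file(name, data):
    """Return (check_number, message) findings for one archive member."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    if ext in EXT:
        actual = next((k for k, m in MAGIC.items() if data.startswith(m)), None)
        if actual is None:
            findings.append((1, f"{name} is not an image file"))
        elif actual != EXT[ext]:
            findings.append((2, f"{name}: expected {EXT[ext]}, got {actual}"))
    elif ext == ".xul":
        for src in SCRIPT_SRC.findall(data.decode("utf-8", "replace")):
            if HAS_SCHEME.match(src) and not src.lower().startswith("chrome://"):
                findings.append((5, f"{name}: script src {src} is not chrome:// or local"))
    elif ext == ".js":
        lines = data.decode("utf-8", "replace").splitlines()
        for code, pattern in JS_CHECKS:
            # Truncate the quoted source so minified files do not flood the output.
            findings += [(code, f"{name}: [{l.strip()[:80]}]") for l in lines if pattern.search(l)]
    return findings

def scan_xpi(blob):
    """Scan every file in an XPI (a zip archive) held in memory."""
    with zipfile.ZipFile(io.BytesIO(blob)) as xpi:
        names = sorted(n for n in xpi.namelist() if not n.endswith("/"))
        return [f for n in names for f in scan_file(n, xpi.read(n))]

def build_sample_xpi():
    """Constructed sample: file names echo the output above, contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("chrome/content/logo.gif", MAGIC["PNG"] + b"\x00" * 8)
        z.writestr("chrome/content/dowint.xul", '<window><script src="http://dowint.net/inc/js.php"/>'
                   '<script src="chrome://dowint/content/dowint.js"/></window>')
        z.writestr("chrome/content/dowint.js", "var f = new Function('a', 'return a');\nvar x = eval(input);\n")
    return buf.getvalue()

if __name__ == "__main__":
    for code, message in scan_xpi(build_sample_xpi()):
        print(f"WARNING: {message} ({code})")
```

Like the tool itself, pattern matching of this kind only points a reviewer at lines worth reading; it says nothing about whether a flagged eval or remote script is actually harmful.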

File :
Currently available here. Will upload repository later.

Please be advised that this tool is extremely stupid, and not a substitute for careful reviews :)


November 17th, 2008 |

Tags: editor, tip




A (Use) Case for self-signed certs


There was a bunch of GPG tinkering trying to get GPG to generate an ssh-compatible (i.e. one you get from id_rsa.pub) key using my private key. While it turned into an epic fail costing me a good chunk of the day, I dived a bit into the security stuff that everyone hates.

While going about my day, I was wondering if self-signed certs can be used in a way that wouldn’t get you ostracized from a security-conscious community. Johnathon has warned the blogosphere at large why self-signed certs are bad and why Firefox makes you jump through hoops to allow a self-signed cert to get through. But I thought of a good use case for why you may want to use it :

  1. Self-signed certs provide little value for your users (e.g. blog comments are public anyway)
  2. You may not have the means (e.g. credit card, unique IP if you’re with Dreamhost) to buy one
  3. You only really need them for some basic stuff that users shouldn’t interact with at all, like logging in to WordPress.

In which case, you can generate a self-signed cert and configure a web server to serve it to you on some uncommon port such as port 43034. The benefit is that it’s transparent to users. It will not interfere with their browsing. And you get the benefit of encryption and authorization, and knowing for certain that the certificate is yours (you have access to the certificate’s fingerprints).

I tried this on Dreamhost and I failed. Or, rather, Apache doesn’t let you set up a <VirtualHost> in a .htaccess file. Dreamhost didn’t have anything in their web panel that would fix this. You can enable SSL for a site, but they force you into port 443 and don’t let you have both HTTP and HTTPS.

Another excellent educational learning opportunity ruined by over-zealous security zealots.
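
The fingerprint check mentioned above, as an added example that is not part of the original post: the client skips CA validation, since a self-signed cert has no CA behind it, and instead compares the SHA-256 fingerprint of the presented certificate against one recorded when the cert was generated. The function names and the host blog.example are assumptions; port 43034 is the one used above.

```python
import hashlib, hmac, socket, ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _normalize(fp: str) -> str:
    # Accept fingerprints with or without colons/spaces, in either case.
    return fp.replace(":", "").replace(" ", "").lower()

def matches_pin(der: bytes, pinned: str) -> bool:
    """True only if the certificate bytes hash to the pinned fingerprint."""
    return hmac.compare_digest(_normalize(fingerprint(der)), _normalize(pinned))

def fetch_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Complete a TLS handshake and return the server certificate as DER bytes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the pin check, not a CA
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def server_is_mine(host: str, port: int, pinned: str) -> bool:
    """Check the pin before any password is sent over the connection."""
    return matches_pin(fetch_der(host, port), pinned)

if __name__ == "__main__":
    # Hypothetical host; the pinned value is a placeholder to replace with
    # the fingerprint recorded when the certificate was generated.
    PINNED = "<sha256-fingerprint-of-your-cert>"
    print(server_is_mine("blog.example", 43034, PINNED))
```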


November 14th, 2008 |

Tags: security, Web



