published: Sunday 30 August 2020
modified: Sunday 30 August 2020
author: Hales

Meta: site comments, Minisleep 1.20 released

General appreciation + lots of bugfixes and security enhancements in Minisleep
It's nice to see comments popping up out of the woodwork on my old posts occasionally.  I hope to have some more laptop-adventure topics up soon, which will include such fun feats as:

New Minisleep release

Contains a lot of long-overdue fixes that I've had done for a long time, but not released because I wanted to finish the list.   David was so excited he joined a different wizarding guild:

Biggest and most notable changes:

CSRF protections

I realised over time this was a big hole in the site protections.  You have to manually/actively target someone for this to work (automated attacks are unlikely to be fruitful) but it's still a nasty concept.

Unfortunately these changes mean the administration page is no longer a standard page; it has to be generated dynamically by the CGI code instead.  Not how I envisaged my empire when I first took office, but it's the simplest solution to the problem of providing CSRF tokens before you run important requests.
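To show why a token forces the admin form to be generated per request, here is an added sketch of one-time CSRF tokens in POSIX shell CGI. It is not Minisleep's code: the function names, `CSRF_DIR`, `edit.cgi` and the form fields are hypothetical, and it assumes the form-rendering CGI sits behind the same authentication as the endpoint that accepts the POST.

```shell
#!/bin/sh
# Added illustration, not Minisleep's code. All names here are hypothetical.
# Assumption: the CGI that renders the form sits behind the same authentication
# as the endpoint that accepts the POST, so only the admin can obtain a token.
CSRF_DIR="${CSRF_DIR:-/var/lib/csrf-demo}"  # assumption: private, CGI-user-only dir
CSRF_TTL=900                                # token lifetime in seconds

# Issue a one-time token: 32 random bytes as hex, stored as a file whose
# content is the issue time. Runs in a subshell so umask does not leak.
csrf_issue() (
    umask 077
    mkdir -p "$CSRF_DIR" || exit 1
    tok=$(od -An -N32 -tx1 /dev/urandom | tr -dc '0-9a-f')
    [ "${#tok}" -eq 64 ] || exit 1
    date +%s > "$CSRF_DIR/$tok" || exit 1
    printf '%s\n' "$tok"
)

# Validate and consume a submitted token. Returns 0 only for a known,
# unexpired, not-yet-used token.
csrf_check() {
    tok=$1
    # Strict format check first: the value becomes part of a file path.
    case $tok in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#tok}" -eq 64 ] || return 1
    issued=$(cat "$CSRF_DIR/$tok" 2>/dev/null) || return 1
    # rm fails if a parallel request already consumed it: single use.
    rm -- "$CSRF_DIR/$tok" 2>/dev/null || return 1
    case $issued in ''|*[!0-9]*) return 1 ;; esac
    [ $(( $(date +%s) - issued )) -le "$CSRF_TTL" ]
}

# The admin form has to be generated per request to carry a fresh token.
render_admin_form() {
    tok=$(csrf_issue) || return 1
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<form method="post" action="edit.cgi">\n'
    printf '  <input type="hidden" name="csrf" value="%s">\n' "$tok"
    printf '  <textarea name="body"></textarea>\n'
    printf '  <input type="submit" value="Save">\n</form>\n'
}
```

The handler for the POST would call `csrf_check` on the submitted `csrf` field before touching any page, and refuse the request on a non-zero return.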

Better HTTP server support

Especially for users of shared hosting (LiteSpeed).  It turns out I had fixed that in this copy of the site, but forgot to port the changes to the main codebase.  Whoops, now resolved.

Where to from here

Dregs on my todo list:
  • Add BASH_COMMAND to trap fail internal line (bash is useful to run Minisleep with because of its better error handling/reporting than many more vanilla POSIX shells)
  • Trim extra newline at end of every page edit (this is just plain annoying)
  • Add recommendation of wfm cgi filemanager (but first I need to try and get my patches to fix HTTP headers _and_ problems with the cgi library used upstreamed.  I had a look at that a long time ago, but didn't have time to follow through).
  • Add page-delete functionality (dangerous, but perhaps less so now with the CSRF protections).
I'm contemplating writing a miniature forum engine instead of shipping commenting support for Minisleep.  I have some crazy ideas for that (databases are for wimps!), might be fun.

Meanwhile I now have to contemplate updating my various sites with this latest version.  Vanilla installs are easy, but this site here (halestrom.net) has quite a few deep mods to add the extra features I use on my blog.  The CSRF changes mean I might also lose my pretty admin page's ability to be publicly accessed.  I'll lurch to that another day.
