-
Hi-larious parody of the faux science of audiophiles.
-
This is really depressing.
-
Missed this on Friday. This is why you don’t let morale slip in your call centers.
-
Wikipedia norms say “no original research” but in the case of breaking news that doesn’t always stick.
-
Sounds like a good way to build another Web 2.0 name generator. BurlyDrive! For the unbreakable hard drive! (I want credit on that name if a startup ever uses it btw.)
-
Congrats to Doc for getting through a nasty bout with pancreatitis.
-
Two masters for the new Mudcrutch album: one with compression, one without.
-
Waiting for Obama to take unambiguous positions to define himself to voters. He’s got plenty of good ones to choose from.
-
Summer reading? A novel that treats the fallout of the Tiananmen massacre is unlikely to be read in China, but sounds like a good perspective for the West.
-
Fighting against the gingko. I miss the stench of those trees between the Rotunda and the Corner in the fall.
-
Charles Wright on summer.
-
Ruby might be a good candidate to start looking at systematically for vulnerabilities.
-
A nice survey of the art and science of quoting on the web.
-
It’s on my bookshelf, but I didn’t remember how cranky and brilliant Dowding’s book was.
-
Domains include pingadw.com, alzhead.com, pingbnr.com, coldwop.com, adwbnr.com, bnrcntrl.com, chinabnr.com. At least one service that I use has been infected (and temporarily delinked).
Day: June 23, 2008
My madeleine? Thunderstorms
This has felt like summer, for the first time in recent memory. Why? The last few days, we’ve had high humidity and thunderstorms. Bam. Takes me right back to Newport News or even DC. Mowing the lawn Saturday morning was a real Proustian moment: cloudless sky but with steadily climbing temps and thickening air. By the time I was done I felt like I was swimming in the air, it was so humid. And instantly I was back home, trying to rush to finish the lawn before the skies opened. Then there’s that rush of cool air against the skin right before the rain comes in.
Followup: Mac OS X ARDAgent vulnerability advice
Various parties in the Mac community have weighed in and suggested the best way to address the issue highlighted in last week’s advisory regarding an escalation of privilege vulnerability in ARDAgent. While some have suggested that enabling the remote access service may actually correct the privilege escalation, there’s been enough evidence that it doesn’t really work. And a suggestion to clear the setuid bit that allows ARDAgent to act as root appears to kill it, for at least some commentators. That leaves only leave two options:
- If you don’t need to have anyone remotely manage your application, just delete or archive ARDAgent.app.
- Restrict ARDAgent from being able to perform
do shell script(as described in Martin Kou’s blog)
It would be nice if Apple just closed the hole, wouldn’t it?
While you’re at it, don’t forget to update Ruby (it’s part of the default Mac OS X installation), if you’re using it, to close a whole bunch of holes–from numeric errors to buffer overflows–in the core Ruby runtime.
And can we stop pretending that the Mac OS X platform is magically secure?