- Sounds like a good party.
- Just what I needed, another way to waste time on the Internet.
- Interesting way to get fixed keyboard shortcuts for bookmarklets. Wonder if there’s a Windows equivalent?
- Oy. Not a good day for Redmond.
- “In the next installment, our green eyeshade-wearing superhero gets tangled up in his own cape when he is suddenly forced to reverse course and abandon his initial bailout plan. And don’t miss the stunning conclusion! In a gripping cliffhanger, the runaway locomotive of financial crisis hurtles toward certain destruction while our superhero is busy polishing his reputation in interviews with the local press.” Heh.
- Sobering look at the relative priority of product management on the chopping block come layoff time. I’m not up for a RIF, I just thought it was interesting.
- Amazing stupid Transact SQL trick.
- Interesting and complex real-world test of responsible disclosure for security flaws.
Day: November 19, 2008
Remix culture: NASA’s bootleg Snoopy from 1969
I had read about NASA’s use of Snoopy and the Peanuts characters as unofficial mascots for Apollo 10 (it was well documented in Charlie Brown and Charlie Schulz, which sat on my Pop-Pop’s bookshelf alongside the Peanuts Treasury), but don’t remember seeing this. Courtesy Google Image Search and the LIFE archives:
As good an argument for the Commons as I’ve ever seen. The irony is, of course, that it sits in Google Images with no reasonable licensing in place. Even this bootleg image is claimed as copyright LIFE magazine.
WordPress 2.6.3 CSRF security vulnerability
No link, because I’m posting this from my iPhone. But it looks like WordPress 2.6.3, the latest version, has a cross-site request forgery vulnerability. The way CSRF works, if you have your WP site open and are logged in, an attacker can use another web page that’s open at the same time to perform actions on your blog, like deleting users. No word yet that I’ve seen about a fix. I’ll post more about CSRF in a while.
Update: Here’s the official published vulnerability (CVE-2008-5113) from the National Vulnerability Database. And here’s a good description of how CSRF works from OWASP. The scary bit is that if the application isn’t patched, there’s not a lot you can do to mitigate the attack. I haven’t seen anything official from WordPress yet on this vulnerability, but there’s an interesting discussion trail on the bug. Bottom line for app developers: don’t trust user input, and yes, the HTTP request needs to be considered user input.
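To make that bottom line concrete, here is an added example in Python (not WordPress code) of the standard mitigation: a state-changing handler that refuses any request lacking a synchronizer token bound to the session, which is what a WordPress nonce does. The browser attaches the session cookie to a request triggered from another open page, but that page never sees the token, so the forged request fails. The request shape, session store, user table and secret are all constructed for this example.

```python
import hashlib
import hmac

# Constructed for this example: a server-side secret, a session store and a
# user table. A real application would hold these in its config and database.
SERVER_SECRET = b"example-only-secret-key"
SESSIONS = {"sess-abc": {"user": "admin"}}
USERS = {"42": "bob", "43": "alice"}

def issue_token(session_id, action):
    """Synchronizer token bound to the session and the action (the idea behind
    a WordPress nonce; a real nonce also expires, which this example omits)."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

def verify_token(session_id, action, token):
    """Constant-time comparison so the check itself leaks nothing about the token."""
    if not token:
        return False
    return hmac.compare_digest(issue_token(session_id, action), token)

def handle_delete_user(request):
    """State-changing endpoint. `request` is a dict standing in for an HTTP
    request: the cookies the browser attached and the submitted form fields."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in SESSIONS:
        return 401, "not logged in"
    form = request.get("form", {})
    # The cookie alone proves nothing about who built the request, so the form
    # must also carry the token that only our own rendered page could contain.
    if not verify_token(session_id, "delete_user", form.get("csrf_token")):
        return 403, "csrf check failed"
    target = form.get("user_id")
    if target not in USERS:
        return 404, "no such user"
    del USERS[target]
    return 200, f"deleted user {target}"

def legitimate_request():
    """What the admin's browser sends from our own form: the session cookie
    plus the token we embedded in the page."""
    return {"cookies": {"session": "sess-abc"},
            "form": {"user_id": "42",
                     "csrf_token": issue_token("sess-abc", "delete_user")}}

def forged_request():
    """What a page in another tab can make the logged-in browser send: the
    session cookie goes along automatically, but the token never reaches it."""
    return {"cookies": {"session": "sess-abc"}, "form": {"user_id": "42"}}
```

Note that the check must run on every state-changing action, not just the obviously sensitive ones, since any unprotected endpoint reopens the hole.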