Bouncing breast simulator

Boing Boing: Bouncing breast simulator from sports-bra company Hope the title gotcha! Seriously, some site has a simulator of bouncing boobies during exercise - with and without various types of bras. You can dial in your breast size (I’ve forgotten mine!) and see it in action.

Wordpress Security Issues

Over on Neo Security Team, some guy whose Engrish is teh bom writes about supposed vulnerabilities within WordPress 2.0.1 and below. I’ll detail each of them, and how real I think they are. Firstly, all of them seem to be JavaScript related. That affects me, as I require JavaScript for commenting, which implies I want users to have JavaScript turned on. First potential issue:

The ‘name’ variable is not filtered when it’s assigned to ‘value’ on the <input> in the form when the comment is posted.

I’ll assume he means that when the comment is posted. Let us test that. Nope, this is not true. When using the normal comment posting form (i.e. the individual post page) all fields are stripped of HTML, except the Comment field (see below). In fact, this problem is no more or less serious than number 2, below. It is the same problem! This problem also exists for the URL field, and possibly the email field (although this is generally not shown in a blog comment, as it’s a bit of a spam magnet).

Second potential issue:

‘comment’: this variable only filters the “ and ‘ chars, which makes it possible to use < and >; this permits an attacker to inject any HTML (or script) code that he/she wants, but without any “ or ‘ character. This only happens if the user that posts the comment is the admin (any registered kind of ‘user’).

I’ve confirmed this, even though it’s not really clear what this person is saying. If you post a comment, then all <script> tags are stripped. However, if you edit a comment, you can insert HTML. I think this is what the author means. Short answer - don’t allow other users to register. That is an absolute fix. Casual commenters cannot cause this bug. In fact, this trick could be used to great effect: the script would be run by an admin trying to delete the comment, too! Again, the best way to avoid these issues is to not allow people to register as users, as they then would not be able to edit comments. Incidentally, the fixes they suggest would either not fix the problem, or in fact remove the ability to have any HTML in any comments. Since I want people to be able to style their own comments, this is not acceptable. WordPress already has a method of filtering out ‘nasty’ HTML - lists, images and scripts are not allowed in comments, for instance. Surely these same filters can be used when an admin edits a comment, too? A much better solution!
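To make the contrast concrete, here is an added example (my own illustration, not WordPress code and not the fix the advisory proposes) of the two approaches: a filter that only escapes quote characters, as the advisory describes, beside an allowlist filter of the kind WordPress applies to new comments, applied identically on the edit path. The tag and attribute allowlists and the function names are constructed for the demo.

```python
import html
from html.parser import HTMLParser

# Constructed allowlist for this demo: tags a commenter might use for styling,
# minus lists, images and scripts, which the post notes WordPress does not
# permit in comments. The real WordPress list is not reproduced here.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "code", "blockquote", "p", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

def quotes_only_filter(text):
    """The weak filter the advisory describes: only " and ' are escaped.
    < and > pass through, so any tag written without quotes survives."""
    return text.replace('"', "&quot;").replace("'", "&#039;")

class AllowlistSanitizer(HTMLParser):
    """Keeps allowed tags and attributes, escapes everything else as text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; its inner text is still emitted
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # event handlers and unknown attributes never survive
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue  # reject javascript: and other non-web schemes
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize_comment(text):
    """Apply the same allowlist on both the post path and the edit path."""
    parser = AllowlistSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)
```

Run `sanitize_comment` over a comment both when it is first posted and again whenever a registered user edits it; `quotes_only_filter` is kept only to show why escaping quotes alone is not enough.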

Third issue:

Full path disclosure & Directory listing: When I discovered this bug, I reported it to some people before public disclosure. I was notified that this isn’t new and I decided to look at why they haven’t patched this bug. As this bug isn’t patched yet, I tried to find out why and I found something like this in their forum (I don’t know if the person that posted this was the admin but it gives the explanation): (Something like the following, it’s not textual). ‘… these bugs are caused by a badly configured .ini file, it’s not a bug generated by the script so it cannot be accepted as a bug of WordPress…’. This is not an acceptable answer; if you think it is, a bug caused because register_globals is Off is the .ini file’s fault and not the script’s. They have to be kidding; if they want to make good software, they have to go as far as the language can to prevent all bugs. There are multiple files that don’t check if they are being called directly. This is a problem because they expect the functions that the script is going to call to be declared. This kind of bug is taken as a Low Risk bug, but it can help future attacks.

It took me ages to figure out what they meant - apparently files can be accessed directly if you know the URL. For instance: http://www.victim.com/wordpress/wp-includes/ Actually, this is more of an HTTP rewrite issue - and as such, specifically does not affect Blogsome. And even if it did, I’m not really sure it could do much harm. I might be wrong about that, but I’m almost certain that Blogsome is immune to this, since every URL that Blogsome serves from each blog doesn’t directly access the source files, but goes through the database.

Inventor Crashing: Access Violation

In one of the PC pools at work, I am getting some pretty serious Autodesk Inventor crashes. Basically, the error is occurring randomly, every couple of minutes or so. The temporary file that the crash reporting program wants to send to Autodesk indicates that it is a read error in the same memory location each time:

    <Exceptions>
        <Exception code="C0000005" text="ACCESS_VIOLATION" address="0x77E7CA0B">
            <AccessViolation type="Read" address="0DB33888"/>
        </Exception>
    </Exceptions>

It’s annoying the hell out of me - as it’s only happening in one pool, not the other. I don’t think it’s a licensing issue, as it seemed to happen a few times when I was the only user on the system, not just when there were twenty other users upstairs in another pool. Things I’m going to try:

  • Getting the software reinstalled. Each machine was ghosted from an image, so I’ll try a fresh installation.
  • Running without others using the other pool.

Dunno what else to do at this stage. Update: an even more impressive crash, this time with an extra dialog box:

State League Wrap Up

Me running (fast?)

TouchSA have put up a Wrap Up of the State League Grand Finals - the short news is that Scorpions, my region, won the Mixed and Women’s, but not the Men’s, and won the overall Regional Champions. And yes, that is a tasty photo of me running about as fast as I can manage nowadays.

Creationist Nutcases

Radaractive: Darwin is Dead-The Carnival!!! Aargh! I could only read about two of the Creationist bullshit-filled comments, and my head nearly exploded. Hardly what I’d call Critical Thinking, chaps.

My Template Files

Chris Legend is using some files from my templates: mainly the guts of my Comments.html page. This is all well and good, but because I have customised the guts out of my site, there are some caveats. The first is that my Comments.html relies on a certain JavaScript to be called before it allows any Comments. That is, if you just use this file from my template, no one will be able to comment at all on your blog. I had to write this post, as I can’t find another way to let Chris know! To fix this, you need to edit the template page, and put the following into the action field: "/wp-comments-post.php". If you don’t do this, no one can comment on your blog.

Getting all Podcast Names

Here’s a nice little AppleScript I knocked up to grab all of the details of my podcasts, for the previous post:

    -- Collect the unique "album • artist" pairs from the tracks currently selected in iTunes
    tell application "iTunes"
    	set podcastList to {}
    	repeat with trk in selection
    		set thisPodcast to album of trk & " • " & artist of trk
    		-- add each podcast only once, even if several episodes are selected
    		if thisPodcast is not in podcastList then
    			set podcastList to podcastList & thisPodcast
    		end if
    	end repeat
    end tell
    
    -- Build an HTML list from the names and leave it on the clipboard for pasting into a post
    set HTML to "<ul>"
    repeat with trk in podcastList
    	set HTML to HTML & "<li>" & trk & "</li>"
    end repeat
    set the clipboard to HTML & "</ul>"

Hot Toddy • MindtripChillout Sessions 8 ★★

Internet Usage

Podcasts are cool. I listen to them every day on the way to and from work, and I’ve got quite a few subscriptions in my iTunes list.

  • New Scientist Podcast • New Scientist
  • Ockham’s Razor • ABC Radio National
  • Dr Karl’s Great Moments in Science • ABC Science Online - the Lab
  • Dr Karl on triple j • ABC Science Online - the Lab
  • The Science Show • ABC Radio National
  • All in the Mind • ABC Radio National
  • The Night Air • ABC Radio National
  • Perspective • ABC Radio National
  • Radio Eye • ABC Radio National
  • Street Stories • ABC Radio National
  • Quirks and Quarks from CBC Radio • Quirks & Quarks
  • Background Briefing • ABC Radio National
  • Big Ideas • ABC Radio National
  • Craphound.com: The Literary Works of Cory Doctorow • Cory Doctorow
  • National Interest • ABC Radio National
  • The Philosopher’s Zone • ABC Radio National
  • In Our Time • BBC Radio 4
  • The Ricky Gervais Show • Guardian Unlimited

They also take up lots of data. In the past month, my internet usage has more than doubled. And I’ve only been podcatching for probably less than half of the month!

Usage History for the Past 6 Billing Periods

Billing Period Ending   Invoice Number   Hours Used (hh:mm)   Downloads (MB)   Uploads (MB)   Service Total (Excl GST)
25 Feb 06               30700482         293:49               3848.98          293.67         $0.00
25 Jan 06               30068220         131:23               1245.89          144.91         $15.41
25 Dec 05               29435356         143:29               608.07           98.86          $15.41
25 Nov 05               28793690         109:02               655.58           98.06          $15.41
25 Oct 05               28154942         300:16               2586.63          275.67         $0.00
25 Sep 05               27528167         118:59               706.33           104.21         $15.41

Gervais Coincidence

It still amuses me how often I come across interesting little coincidences. The other week I heard the term “Selective Service” twice in a couple of days, after not having ever heard it before, on totally different media. One was OmniNerd, the other an ABC radio podcast. And today, while listening to the latest Ricky Gervais podcast (#12), a mention was made of the story where a guy wakes up as a “Giant Beetle,” and his travails from there. And then, in this week’s PostSecret:

How dangerous is it to shoot straight up?

The VCSi Forums - How dangerous is it to shoot straight up

According to tests undertaken by Browning at the beginning of the century and recently by L. C. Haag, the bullet velocity required for skin penetration is between 45 and 60 metres per second, which is within the velocity range of falling bullets. Of course, skin penetration is not required in order to cause serious or fatal injury and any responsible person will never fire bullets into the air in this manner.

A couple of months ago, I was having a discussion with some friends about shooting straight up in the air. I can’t remember the result, but here is a nice article detailing the physics and results.