Archive for the 'General' Category

man, woman and love

Tuesday, May 31st, 2005

From the NY Times, Watching New Love As It Sears The Brain

When I was in college about 10 years ago, I was lucky enough to take an anthropology class with Dr. Fisher, one of the authors of the study discussed in the article. Suffice it to say, she was one of the most knowledgeable and enthusiastic professors I’ve ever had at Rutgers.

contest: What song should I download?

Monday, May 23rd, 2005

I’m looking at my extremely messy desk right now and I have a free iTunes bottle cap. Since I managed to OD on Beck’s Guero this past weekend (oh, good memories associated with it), I have the extremely pressing question: what new music should I download?

I can’t give the winner much, but I’m sure the bragging rights will be enough…

Oh, whoopsy…I seem to have missed the April 30th redemption deadline… Ok, well if the song is that good, I’ll spend the 99 cents on it.

traffic

Sunday, May 22nd, 2005

This is what the NJ Turnpike looked like going southbound at about 4pm today around exit 7….check out the northbound lanes…

This traffic was not caused by an accident or weather…it was simply because there were too many people on the road. And yes, the backups occurred in both directions and I managed to hit it both ways…so my usual 4 hour drive was extended to 5.5 hours. Fun.

In real life

Sunday, May 22nd, 2005

Sometimes people ask me how to get a mention on my blog.

I suspect an evening with Mexican food, continuing on to an Irish pub with plenty of people watching and live music would be a good start.

Nice try Blinq

Saturday, May 21st, 2005

Apparently, the folks over at Philly.com are trying to promote the blogging thing.

Which is all well and good, I suppose, but apparently this blog run by reporter-cum-blogger Dan Rubin is supposed to cover local bloggers and local events. However, if you take a good look at his blogroll he’s got the typical bloggers and, as of today, a grand total of 5 Philly area bloggers (and that’s if you include the Daily News blog and Eschaton).

Add to that the fact that the tone of some of the current blog posts isn’t exactly about local blogging or local bloggers covering issues.

Color me underwhelmed. I’m actually a little pained by this, since if Mr. Rubin takes the time and effort to run a strong, interesting Philly area blog he’ll get readers.

I know he could do better coverage of local blogging. Let’s see if he’s up to the task.

Netscape 8.0 — stupidly irrelevant

Friday, May 20th, 2005

Ok, since my day job has something to do with designing Web sites, I thought I’d download and take a look at the new Netscape 8.0.

Anyway, I tried it out, and while it’s basically Firefox with a different skin (and an outdated engine, since it is built on 1.0.3), I don’t really have anything nice to say about the browser.

You see, the big new Netscape marketing push is about trust and security since the browser allegedly “checks” if the site you are visiting is trustworthy. While that sounds all well and good, the browser apparently only “checks” sites that are registered with Verisign or Trust-e and if the site is registered with either of these two certifying authorities, the browser will show a green shield.

Great. So, if you’re not using the trust mafia, your site does not have a green shield displayed in the browser.

The reason why this practice is wrong is that I, as a site owner, now have to pay money to a company to verify my site. Unlike, say, SSL, where I don’t have to pay an SSL provider unless I want them to do the work for me.

Wedding Blogging

Saturday, May 14th, 2005

I’m in Radnor, PA at the Villanova Conference Center (BTW: excellent free high speed Internet) killing some time before a hair/makeup appointment this morning.

It’s a big day, my little brother is getting married today.

I’ll let you guys know what really happens in the limo ride to the church… ;-)

Update 5/17/05: The happy couple during their first dance… Congrats to Tom and Megan…

cool osx tricks

Wednesday, May 11th, 2005

Does anybody have any really knock your socks off OS X tricks that would just wow a group of kids?

I already know about the say command, which makes a voice speak when it is executed at the command prompt.

MySQL hack attempt?

Wednesday, May 11th, 2005

I dunno about you, but this sure as heck looks like a MySQL hack attempt…

/?search=%20UNION%20ALL%20SELECT%201,1,1,1,user_pass,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM%20wp_users%20WHERE%20user_login%20=%20'admin'/*

The rest of the log looked like the following, with the dude crawling my site for a bit before doing his deed. Note the user agent.

IP Address: 211.5.160.52

Http Code: 200 Date: May 10 20:18:27 Http Version: HTTP/1.0 Size in Bytes: 21743

Referer: -

Agent: Metscope/6.0 (CP/M; 7-bit)
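Added example, not part of the original post: one way to flag requests like the one logged above when reviewing access logs. It URL-decodes each query parameter and looks for the three features visible in that request (a UNION SELECT, the wp_users table or user_pass column, and a trailing comment opener), requiring two of them before flagging. The function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

WS = r"(?:\s|/\*.*?\*/)+"  # whitespace or an inline /* */ comment between keywords
UNION_RE = re.compile(r"\bunion\b" + WS + r"(?:all" + WS + r")?select\b", re.S)
TAIL_RE = re.compile(r"(?:/\*|--|#)\s*$")  # comment opener that discards the rest of the query
SENSITIVE = ("wp_users", "user_pass")      # table and column named in the logged request


def indicators(url):
    """Return the injection indicators found in the decoded query parameters."""
    found = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        v = value.lower()  # parse_qsl has already decoded %20, %27 and '+'
        if UNION_RE.search(v) and "union-select" not in found:
            found.append("union-select")
        if any(s in v for s in SENSITIVE) and "wordpress-credentials" not in found:
            found.append("wordpress-credentials")
        if TAIL_RE.search(v) and "comment-tail" not in found:
            found.append("comment-tail")
    return found


def is_suspicious(url):
    """Flag only when two or more indicators agree, to cut false positives."""
    return len(indicators(url)) >= 2


# Constructed sample requests, modelled on the log entry above.
SAMPLES = [
    "/?search=%20UNION%20ALL%20SELECT%201,1,user_pass,1%20FROM%20wp_users"
    "%20WHERE%20user_login%20=%20%27admin%27/*",
    "/?search=student+union+select+committee",  # benign text, one indicator only
    "/?search=credit+union+hours",
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(is_suspicious(request), indicators(request), request[:40])
```

A single keyword match is weak evidence on a search box, which is why the benign "student union select committee" query yields one indicator and is not flagged.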

what this blog needs is a sappy tag

Tuesday, May 10th, 2005

Oh no, not about me… about them.

The best commentary I saw on fark was “He had her at howdy” and “Props to them for keeping it quiet and not making a huge spectacle. He’s a hottie in his own lovely redneck way.”

What is this world coming to? I just called a country singer a hottie.

program.exe trick

Tuesday, May 10th, 2005

There was a thread today and yesterday on the Full Disclosure mailing list about the MS Spyware beta and how it unfortunately has an inadvertent security hole. I’m posting the explanation here because I think it’s pretty interesting.

From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of pretty vacant

Sent: Tuesday, May 10, 2005 9:53 AM

To: James Tucker

Cc: full-disclosure@lists.grok.org.uk

Subject: Re: [Full-disclosure] Useless tidbit

You may or may not know that Windows applications often use the registry to store information about where to find applications within their file system. Due to the way in which Windows handles filenames, situations where this information is stored in an unquoted fashion can leave the application open to an attack commonly referred to as the “Program.exe trick”.

As you know, it’s quite common to have files and/or directories with spaces in the name (e.g. C:\Program Files). Windows is unique in that it essentially doesn’t exactly know what it’s doing if the command isn’t quoted and contains spaces. For example look at the following command:

c:\program files\windows media player\wmplayer

If unquoted, Windows tries the following:

1st try

Execute: c:\program.exe

Arg1: files\windows

Arg2: media

Arg3: player\wmplayer

2nd try

Execute: “c:\program files\windows.exe”

Arg1: media

Arg2: player\wmplayer

3rd try

Execute: “c:\program files\windows media”

Arg1: player\wmplayer

4th try

Execute: “c:\program files\windows media player\wmplayer.exe”

Well, in the case of MS AntiSpyware (and hundreds of other applications), it starts up by executing “AntiSpywareMain.exe”, which in turn displays a nice splash screen and performs some other misc activities before calling gsasDtServ.exe. The problem is that the execution of gsasDtServ.exe is unquoted: while the app tries to execute c:\program files\microsoft antispyware\gsasDtServ.exe, if c:\program.exe exists, it will be executed instead and MS AntiSpyware never actually gets loaded.

With XPSP2, the OS will actually warn you about files like c:\Program.bat, or c:\Program.exe, but not of c:\program files\internet.exe.

Sadly, this isn’t uncommon and when I tested this on my system the first time, 7 applications were executed over a 48 hour period. Try it for yourself. My Program.exe logs the executing user and command args to c:\program.log.
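Added example, not part of the quoted email or of any Microsoft code: an audit helper that takes command strings as they might be stored in the registry and, for each unquoted one, lists the paths that would be tried before the intended executable, together with the quoted form that removes the ambiguity. It assumes the space-by-space splitting order described in the email; the function names and sample entries are hypothetical.

```python
import re

# Shortest leading run that ends in ".exe" followed by a space or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def split_target(command_line):
    """Split an unquoted command into (intended executable, remaining args)."""
    cmd = command_line.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():]
    return cmd, ""  # no extension given: treat the whole string as the path


def hijack_paths(command_line):
    """Paths tried before the intended executable when the command is unquoted."""
    if command_line.strip().startswith('"'):
        return []  # quoted: only the quoted path is tried
    target, _ = split_target(command_line)
    parts = target.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def quoted(command_line):
    """Return the command with its executable path wrapped in double quotes."""
    if command_line.strip().startswith('"'):
        return command_line.strip()
    target, rest = split_target(command_line)
    return '"' + target + '"' + rest


def audit(entries):
    """Map each vulnerable entry name to (paths to check on disk, quoted fix)."""
    report = {}
    for name, cmd in entries.items():
        paths = hijack_paths(cmd)
        if paths:
            report[name] = (paths, quoted(cmd))
    return report


# Constructed sample entries; the names are hypothetical, not real registry keys.
SAMPLE = {
    "antispyware": r"c:\program files\microsoft antispyware\gsasDtServ.exe",
    "already-quoted": r'"c:\program files\example app\agent.exe" /background',
    "no-spaces": r"c:\tools\agent.exe /background",
}

if __name__ == "__main__":
    for name, (paths, fix) in audit(SAMPLE).items():
        print(name, "->", paths, "| fix:", fix)
```

Any path the audit reports that actually exists on disk is worth investigating, and the quoted form is what the stored command should be changed to.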

This is all

Sunday, May 8th, 2005

:-)