Topic: Miscellaneous |
10:05 pm EST, Dec 28, 2007 |
Casper and Butterscotch, you are so fat and fuzzy! [kiss kiss kiss]... ... DAMN! You're a Kitty! |
|
9:25 am EST, Dec 14, 2007 |
Start: 2007-12-15 18:00
End: 2007-12-15 23:59
Timezone: Etc/GMT-5
Location: Vortex, Atlanta

That's right kids, it's that time again. SantaCon is coming!!! I've seen the pics from the last few years and have to say, Y'all do it right!!!! Just to remind everyone, I have listed the rules for SantaCon again. There is no Santa in charge to call. If you can't show up for the start, get the phone number of someone who can help you catch up later.

1. AGAIN! Santa does not make children cry. Really - If you see kids, give them nice toys, candy, or something pleasant. Parents and Tourists are a different matter altogether -- adjust based on their attitude.
2. Santa dresses for all occasions. It's December. Smart Santas wear multiple costume layers. Dress to maximize merriment whether singing Christmas carols in the snow, or swinging from a stripper pole.
3. Santa doesn't whine! We will be outside a lot and commuting mainly on foot -- bring enough "snacks" to keep your pie-hole filled until we get indoors.
4. Bring gifts -- NAUGHTY gifts to give grown ups; NICE stuff to give kids. Throwing coal at people is discouraged no matter who they are. YES THAT INCLUDES POLITICIANS

To my west coast homies who think Atlanta is boring, I present to you SantaCon. Dan, trade in your 1337 limo races. Peter, set down those urban golf clubs. Embrace the joy of the Santa-themed pub crawl.

Atlanta SantaCon
|
11:04 am EST, Dec 13, 2007 |
When did "message" become a verb? I was in a meeting today with fancy uses of "message" such as "I'll message that information" or "Who will be messaging this?" Does anyone else find this silly? UPDATE: It really is a Verb! |
|
Safari 3 Beta Update 3.0.4 |
|
|
10:29 am EST, Dec 10, 2007 |
What's included? New features

* Allows windows to be resized from any side
* Includes an additional font smoothing option ("standard")
* Adds International text input methods
* Adds advanced text options (contextual forms, international scripts)
* Supports NTLM
* Includes auto-detection of PAC files

PAC Files are the devil's candy.

* Supports listing FTP directories

It's about time guys! This was a pathetic and glaring hole in the feature set.

* Links to proxy settings from Safari (Safari respects the proxy settings in the Windows Internet control panel)
* Adds cookie management
* Adds LiveConnect support

Thank You! Thank You! Thank You!

* Includes tooltips
* Adds spell checking and grammar checking
* Allows printing of page numbers, titles, margins
* Improves bookmark collection interface
* Maintains original order of imported bookmarks
* Adds an interface for editing AutoFill information
* History searches now search the full text of visited websites
* Adds a new preference to manually mark RSS articles as read
* Includes support for tilt wheels
|
if(ISO.contains(PDF)) { dance();} |
|
|
9:48 am EST, Dec 7, 2007 |
At the end of January 2007, Adobe submitted its Portable Document Format (PDF) to the ISO. Now, as the year winds to a close, Adobe has announced that PDF 1.7 has been approved by the ISO and will become the ISO 32000 standard (DIS). Although previous subsets of PDF (specifically PDF/Archive and PDF/Exchange) have been considered by the ISO, the approval of the entire document format as a new standard will impact its development in the future. From this point forward, the ISO, rather than Adobe, is in charge of the PDF specification and any changes that are incorporated into it. According to King, none of the current licensing terms for the PDF standard will change, as it's already licensed for free and readily available to anyone wishing to develop software capable of reading, writing, or processing PDF, but he posits that Adobe's Acrobat suite might see an increased level of competition from other companies as a result of the ISO certification.
I wasn't even aware that this was in the pipeline. Now only if they'll turn over SWFs!
|
Ory and the kicking of ass and taking of names |
|
|
3:19 pm EST, Dec 6, 2007 |
Ory over at IBM/Watchfire does a good job attempting to sort the wheat from the chaff in regards to Larry Suto's comparison report of web scanners. Couple it with HP/SPI's Jeff Forristal's report and you have a good idea about the difficulties of having a true apples to apples comparison of any type of security product, not just web scanners. If only WASC or OWASP or somebody had some guidelines for evaluating web scanner results :-).

The Web Application Security Evaluation Criteria is a set of guidelines to evaluate web application security scanners on their identification of web application vulnerabilities and its completeness. It will cover things like crawling, parsing, session handling, types of vulnerabilities and information about those vulnerabilities.

Hopefully this will raise awareness about how confusing accurate product comparisons in the security space must be to product reviewers, prospective customers, academics, and even lay people and foster more participation in this WASC project. But back to Ory:

In addition, I am concerned by the web application security industry - an industry filled with gifted security experts and practitioners, who embraced Suto's whitepaper warmly, without questioning its results or the methodology by which it was conducted for a single moment. Suto, having good intentions, published what he thought was in the best interest of the industry, and my biggest complaint to him was that his experiment methodology was never fully disclosed to the public, therefore could never be confirmed nor rebutted. On the other hand, one would expect security experts to use a little more judgment when reading technical whitepapers, and be skeptical of results from experiments that are not well documented. Putting numbers into a table doesn't make them meaningful.

Ory, bravo for calling us all out for accepting things without fact checking. It seems even web professionals suffer from improper input validation from time to time! :-)
|
Fuck you Dean Hachamovitch |
|
|
12:30 am EST, Dec 6, 2007 |
So, yes, the version after IE7 is IE8. We looked at a lot of options for the product name. Among the names we considered and ruled out:

Of course, some people care about other aspects of IE8 much more than they care about the name. As I’ve walked different people through the plan, I’ve gotten “Does it have feature X?” “When is the beta?” “When does it release” and even the more thoughtful “What are you trying to accomplish with this release?”

You will hear a lot more from us soon on this blog and in other places. In the meantime, please don’t mistake silence for inaction.

Dean Hachamovitch
General Manager

Dear Dean Hachamovitch, General Manager Internet Explorer Team.

Fuck you
Fuck you for thinking a browser with some tabs and RSS support somehow warrants praise
Fuck you for Notepad as "View Source"
Fuck you for the CSS hacks I shouldn't have to do
Fuck you for your phony adoption rate and security comparison reports
Fuck you for the hell that is IE/JavaScript debugging
Fuck you for winning the web browser wars and then stagnating innovation
Fuck you for 6 years of inaction and silence
Fuck you for telling the world how the web is going to be
Fuck you for your utter contempt of web developers and web standards

Fuck you Dean Hachamovitch and fuck the team you lead.
You are hurting us far more than you are helping us
This shit has got to end

Sincerely,
Billy Hoffman

Update
|
Massive breach in Canadian Passport website |
|
|
11:50 pm EST, Dec 5, 2007 |
A security flaw in Passport Canada's website has allowed easy access to the personal information - including social insurance numbers, dates of birth and driver's licence numbers - of people applying for new passports. The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser.
[lolcat]I has a session hijacking vuln. I is in your Oracle, pwning all your numberz[/lolcat]
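
The behaviour the quoted report describes, where changing one character of the address shows someone else's application, is what a handler does when it serves whatever record id the URL names without checking who is asking. The following is an added example, not code from the original post or from Passport Canada: the handler names, the `id` parameter, the host and the records are all constructed for illustration.

```javascript
// Constructed sample records; ids, names and numbers are made up.
const applications = new Map([
  ["1001", { owner: "alice", name: "Alice Example", sin: "000-000-001" }],
  ["1002", { owner: "bob", name: "Bob Example", sin: "000-000-002" }],
]);

// Pull the record id out of the request URL (hypothetical "id" parameter).
function recordId(requestUrl) {
  return new URL(requestUrl).searchParams.get("id");
}

// Behaviour matching the report: whatever id is in the URL gets served.
function viewUnchecked(session, requestUrl) {
  const record = applications.get(recordId(requestUrl));
  return record ? { status: 200, body: record } : { status: 404 };
}

// Refused lookups, kept so repeated probing by one account can be spotted.
const deniedLog = [];

// Hardened: the record must belong to the authenticated user.
function viewChecked(session, requestUrl) {
  if (!session || !session.user) return { status: 401 };
  const id = recordId(requestUrl);
  const record = applications.get(id);
  if (!record || record.owner !== session.user) {
    deniedLog.push({ user: session.user, id });
    // Same answer for "no such record" and "not yours", so the reply
    // does not confirm which ids exist.
    return { status: 404 };
  }
  return { status: 200, body: record };
}

// Constructed request: alice is logged in, the URL carries bob's id.
const alice = { user: "alice" };
const url = "https://passport.example/application?id=1002";
console.log("unchecked:", viewUnchecked(alice, url).status);
console.log("checked:", viewChecked(alice, url).status, deniedLog);
```
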
|
2:07 pm EST, Nov 30, 2007 |
You gauge a task's importance based on whether your boss calls you from another hemisphere about it or not. So far I have several important tasks! |
|
4:33 pm EST, Nov 29, 2007 |
Today in a meeting...

JavaSteve: Every variable is global in JavaScript
Billy: That's not true, you can locally scope variables to functions using var
JavaSteve: No you can't. That's not what I've seen
Billy: JavaSteve, trust me, you can
JavaSteve: Sorry Billy, I'm positive you are wrong
Billy: ... ok, I didn't want to play this card, but everyone who has written a book on JavaScript, please raise their hand [Raises hand], ok then.
JavaSteve: oh now it's on!
Billy: Go check Chapter 2 in the Rhino book and get back with me JavaSteve.
[5 minutes later]
JavaSteve: HA! You were wrong! ... ... It was Chapter 3, not Chapter 2!

People called Steve JavaSteve to differentiate him from Steve Millar and because JavaSteve works on our JavaScript parsers and interpreters. I asked JavaSteve once why no one called him JavaScriptSteve. He looked at me like I was an idiot.
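
The scoping rule argued over in the meeting, as an added example that is not part of the original post: `var` makes a variable local to its function, while assigning to an undeclared name in non-strict code creates a property on the global object. The helpers `leakedGlobals` and `errorName` and the variable names are made up for illustration; `new Function` is used so the sample bodies run in non-strict mode wherever the snippet itself is loaded.

```javascript
// Run fn and return the names of any properties it added to the global
// object, removing them again afterwards.
function leakedGlobals(fn) {
  const before = new Set(Object.getOwnPropertyNames(globalThis));
  fn();
  const added = Object.getOwnPropertyNames(globalThis)
    .filter((name) => !before.has(name));
  for (const name of added) delete globalThis[name];
  return added;
}

// Return the name of the error fn throws, or null if it returns normally.
function errorName(fn) {
  try {
    fn();
    return null;
  } catch (err) {
    return err.name;
  }
}

// Declared with var: local to the function, nothing reaches the global object.
const withVar = new Function("var meetingTotal = 1; return meetingTotal;");

// No declaration: non-strict code silently creates a global property.
const withoutVar = new Function("meetingTotal = 1; return meetingTotal;");

// var is scoped to the function, not to the block it appears in.
const blockVar = new Function(
  "if (true) { var inner = 5; } return typeof inner;"
);

// Strict mode turns the silent global into a ReferenceError.
const strictWithoutVar = new Function('"use strict"; meetingTotal = 1;');

console.log(leakedGlobals(withVar));       // var stays inside the function
console.log(leakedGlobals(withoutVar));    // the undeclared name leaks
console.log(blockVar());                   // inner is visible after the block
console.log(errorName(strictWithoutVar));  // strict mode refuses the assignment
```
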
|