| |
I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
The Dilbert Blog: The Car You Won’t Own |
|
|
Topic: Current Events |
3:38 pm EDT, Apr 2, 2007 |
A group called the X Foundation is planning to award $10 million to anyone who can design a commercially viable car that can get 100 miles per gallon. I realize that the shapes of hybrid cars are based on aerodynamic efficiency. But I have to ask myself what percentage of the improved gas mileage is directly due to the car being shaped like a whale’s penis? Wouldn’t it make more sense to design the car to be 2% less energy efficient, 100% more attractive, and thereby sell 300% more of them? Are these car makers even trying? Yeah, yeah, I know that Leonardo DiCaprio drives a hybrid, and he’s sleeping with supermodels. But I guarantee that they make him wear condoms. Probably two or three at a time. And I’ve yet to see a paparazzi get a picture of both Leonardo AND a supermodel going on a date in a Prius. If a supermodel gets photographed in a Prius, her next assignment is pointing at rugs in the JC Penney catalog. If the X Foundation contest ends up designing a car that gets 100 mpg, the car company that buys the patents will produce a car that looks like a cancerous spleen. And they’ll name it something like the Toyota Nonads.
The Dilbert Blog: The Car You Won’t Own |
|
Topic: Miscellaneous |
2:00 am EDT, Apr 1, 2007 |
This is Jesus:
This is Jesus as an Eggbeater:
Any questions? I'm not sure when the nickname "Eggbeater Jesus" began being used, but the mosaic (not a painting) which appears on the front of the First Baptist Church here in Huntsville was started in 1966 and finished in 1973. ... The Christ figure in the mosaic measures 43 feet in height and the mosaic is made of approximately 14 million pieces of Italian tile.
Eggbeater Jesus |
|
Topic: Miscellaneous |
2:14 am EDT, Mar 31, 2007 |
The gift of death metal does not smile on the good looking. Creeping. Rusty. Meat. Truly the heart and soul of all Death Metal.
So much is so good about this.
Strongbad on Death Metal |
|
Topic: Technology |
12:39 am EDT, Mar 31, 2007 |
Here are the slides from my Shmoocon presentation JavaScript Malware for a Gray Goo tomorrow! Nice wrap up of nasty JavaScript malware and some good information about Jikto. FYI: I'm writing a white paper about Jikto right now with more detailed info and am recording a webcast with a demo of it on Monday. I'll post more here then.
Shmoocon slides/Jikto |
|
Saudi's on U.S. in Iraq: 'illegitimate foreign occupation' |
|
|
Topic: Current Events |
11:21 pm EDT, Mar 29, 2007 |
King Abdullah's harsh -- and unexpected -- attack on the U.S. military presence in Iraq could be a Saudi attempt to signal to Washington its anger over the situation in Iraq and build credibility among fellow Arabs. "In beloved Iraq, blood is flowing between brothers, in the shadow of an illegitimate foreign occupation, and abhorrent sectarianism threatens a civil war," said Abdullah, whose country is a U.S. ally that quietly aided the 2003 U.S.-led invasion of Iraq. A Saudi official said the king was speaking as the president of the summit and his remarks reflected general frustration with the "patchwork" job the Americans were doing to end violence in Iraq. The king also wanted to send a message that Iraq is an issue that Arabs cannot turn their back on, the official said. He spoke on condition of anonymity because of the sensitivity of the issue.
Translation: Iraq is such a cluster fuck in the eyes of your average Arab that even the Saudis need to disassociate themselves from us for fear of an internal revolt against their already 3-day old monarchy. Our allies in this region are asymptotically approaching only Israel.
Saudi's on U.S. in Iraq: 'illegitimate foreign occupation' |
|
Students give up social networks for Lent |
|
|
Topic: Miscellaneous |
9:46 pm EDT, Mar 29, 2007 |
For some, it's chocolate. For others, it's coffee or cigarettes. But as this Easter approaches, some young and devout Christians are anxious to return to what they gave up for Lent: Internet sites Facebook and MySpace. Many users describe the popular social networking sites as addictive, which is why they say giving up these 21st-century temptations is a sincere sacrifice. Members on both sites create profiles and add each other as friends. They can also share messages, photos, videos and personal blogs.
Ok, you know what, I'm just going to say it: If social networking sites are such an important aspect of your life that you view giving them up as a worthy religious sacrifice, you are a moron and the chances of you contributing anything meaningful to this world are slim to nil.
Students give up social networks for Lent |
|
SPI Dynamics Announces 1,000th Customer |
|
|
Topic: Technology |
6:16 pm EDT, Mar 28, 2007 |
While not wanting to drink too much koolaid or make this blog simply a corporate mouthpiece, I was pretty happy with SPI's announcement today.
"Announcing our 1,000th customer is a significant milestone for SPI Dynamics as it demonstrates strong market adoption of web application security and of our innovative, industry leading solutions," said Brian Cohen, CEO of SPI Dynamics. As the industry's leading web application security software provider, SPI Dynamics' products serve a wide variety of customers in many industries. The company's enterprise customers include:
-- Four out of five of the largest banks in the world
-- Nine out of ten of the largest banks in the U.S.
-- Four out of five of the largest software companies
-- Three out of four of the largest aerospace and defense companies
-- The four largest accounting firms
-- The five largest telecommunications companies in the U.S.
-- Six out of eight of the largest technology hardware and equipment companies
-- Two out of three of the largest healthcare companies
-- Over ninety-five U.S. Federal agencies
Simply put, SPI is the largest Web scanner vendor in the world, in terms of revenue from web scanning products, number of customers, and number of employees focused on web scanners. I'm extremely proud to be an employee at SPI and hope to stay for many more years. SPI Dynamics Announces 1,000th Customer |
|
Topic: Miscellaneous |
3:45 pm EDT, Mar 28, 2007 |
"There's no medicine like happiness, except maybe laughter. Or maybe rubber tubes shoved up your urethra." -House |
|
Topic: Technology |
5:36 pm EDT, Mar 27, 2007 |
derStandard.at: What do you have in store for the next major release?
Miguel de Icaza: In terms of the API, we will make the core and ASP.NET be 2.0 implementations. Other pieces like 2.0 Windows.Forms will be part of a future release. There are three major developments outside of the API tracking:
* The Mono Debugger.
* The Stetic GUI designer.
* The MonoDevelop IDE reaching 1.0
One interesting bit is that all of those technologies will be tied in the 1.0 release of MonoDevelop. For some people, the lack of a debugger has been a big turnoff and we hope to finally fix this problem.
That lack of a debugger has been critical. This makes me unbelievably happy! I write many tools in C# on Linux using Monodevelop but I'd use it more if they fixed these things:
-GUI Designer that produces Windows.Forms code! I know you can do it! I can take GUI projects from VS2005 and they compile and work just fine in Mono. Don't make me use this Stetic stuff! There is no need for it for simple GUIs and I don't want to force Windows people to download a GUI framework to look at my proof of concept.
-Better VS2005 Solution/Project support! I've never had even the most basic VS2005 solution/project import properly. Ever. And what about saving a project as a VS solution/project? So often I take code home from the office, drink some redbull, hack some code, and then take it back to work. And basically forget going from Monodev -> VS. I have to rebuild the project/solutions by hand. This needs to get fixed!
-Inline web development - I don't need a designer, but creating websites for using mod_mono and Apache inside of Monodev would kick major ass.
Mono, and what I need. |
|
Topic: Technology |
9:36 am EDT, Mar 26, 2007 |
Rattle Says: This week on Reflection we have a very young guy from the webappsec field. Billy’s knowledge on Ajax is tremendous ... his ability to think differently has helped him achieve so much in such a short time. I got a chance to meet with him in the WASC meetup at RSA. He is a very lively character. Let me put it this way, if Billy is a part of a conversation, you won’t get bored even if you just stand there and listen.
Anyone who has worked with Billy knows, he is one of the best security researchers in the world. Billy is among the first people I contact when I need to bounce an idea off someone, and the insight he brings to the table is always impressive. Based on my firsthand experience, it is incomplete to the degree of inaccuracy to simply say "he thinks outside the box". Billy destroys the box before your eyes while telling you what you need to keep in mind when building your next box. We can say with confidence, that when what comes after "Web 2.0"/AJAX is created, Billy's work will be one of the factors driving design decisions. I enjoy watching him repeatedly pop up in the press. I feel proud to have known him back when he was just an unknown college student getting sued for the first time.. :)
This has been an interesting week. It started with people who don't even know me questioning my moral fiber. They hadn't seen Jikto. They hadn't asked me what it did. Instead they based all their opinions solely off a news article. As in any situation, forming an opinion, let alone announcing your opinion on a blog when it's only based on knowledge from 1 or 2 sources is rather irresponsible. However, I must say I laughed more than anything this week. How can you not when you see two people who have never even met you arguing on a public forum: "I think Billy really means this...." "No you're wrong, the larger point of Jikto is ..." I should say that only a handful of these colorful commentators ever stop to ask me anything. All in all I think Jikto has been a success. The demo went extremely well. The presentation was packed to standing room only. I gave a detailed description of the architecture, an exhaustive demo, showed proxy dumps of what was happening, and discussed improvements. I received lots of positive feedback and thanks from many important people, including high level people at Microsoft, Google, MITRE, DoD, IEEE, and Mozilla for disclosing what I had found. As with any good con, I left with more ideas than I arrived with, and hopefully the audience left with a better understanding of the dangers of XSS.
Jikto craziness |
|