Month: May 2009

  • Three Sisters Garden

Hm. I was all excited to plant a Three Sisters Garden (corn, beans, squash) til I read the bit about needing a minimum plot of 10'x10' to ensure good corn pollination. Huh. I guess that’s why it pretty much sucked the last time I tried to grow it.

  • RunningBlog: Ramping Up

    The Sydney running season is upon us and I’ve started to ramp up my training a bit. My ultimate goal is the Half Marathon at the Running Festival in September, so I’m using the 20 week training plan from that site. There are also a number of shorter races along the way this winter. First was the Mother’s Day Classic 8K I ran a few weeks ago. Next up is the Bay Run on August 2nd, a 7km run around Iron Cove Bay. I’m running it as a team with Shane, Tim, and Stef. The following Sunday will be the City 2 Surf, where once again I’ll try to break the elusive 100-minute barrier. I just have to talk the Snook into running with me…

    This week: 22.39km (14mi)
    Previous week: 17.41km (11mi)

One difficulty this year is some general lower back pain and stiffness. I think I injured it trying too hard on the rowing machine at Spudds. I went to the physio last Wednesday and today, and she’s given me some exercises and stretches. A big part of it is my right hip being way too tight, as it was last year.

  • osCommerce Session Vulnerability

    I’d just like to note for the sake of future Googlers that osCommerce has a huge whacking security hole in the way that it handles sessions. I found this on Saturday when the new Morris & Sons site launched and a fellow Raveler told me she was seeing “other people’s stuff” in her shopping cart. “Huh?” I thought. “That’s not possible.” Half a dozen people had tested the new site and not one of them reported anything like that. It was only after emailing back and forth with her and doing some digging that I discovered the problem. She was following a link from a recent newsletter, a link that happened to include a session id. I’d noticed a few links like that before but didn’t think it was a problem. “After all,” I thought, “surely osCommerce creates a new session when you come to the site anyway.” WRONG. It looks for the session in the link, and when it doesn’t find anything it RECREATES IT. Then if someone else follows the same link in the next 5-10 minutes, BAM. Two people with the same session. Huge, huge security hole. The solution ended up being pretty simple, in that I simply changed the site to require cookies for session handling. (I then tested and confirmed that two separate people following a link with the same session id end up with different session ids in their cookies.) Still, it’s a pretty big issue and it’s not well-publicised. The Snook was pretty livid when we figured it out. “The amount of fail in that implementation still amazes me,” he said. “The fact that I could invent a session ID, email it to you, and then snoop everything you’re doing on the site and get access to your account once you log in.” Yep. If you have an osCommerce install, lock it down, kids.
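To make the failure mode concrete, here is a small added model of the two behaviours described in the post. It is not osCommerce code and not the fix the author applied; it is a toy session store in Python. The `VulnerableSessions` handler does what the post describes: it trusts a session id found in the URL and, when that id is unknown, simply creates a session under it, so two shoppers following the same newsletter link end up sharing a cart. The `HardenedSessions` handler is the cookie-only approach: the URL is never consulted, only ids the server itself issued are honoured, and (as an extra measure the post does not mention) the id is regenerated at login. The query-parameter name `sid`, the shop URL and the cart contents are all constructed placeholders.

```python
"""Toy model of the osCommerce-style session flaw (added example, not osCommerce code).
Two shoppers follow the same newsletter link carrying a session id; the vulnerable
handler lets them share one session, the hardened one ignores ids from the URL."""
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlparse

SID_PARAM = "sid"  # placeholder query-parameter name, not osCommerce's own


def parse_sid_from_url(url: str) -> Optional[str]:
    """Return the session id carried in the URL query string, or None."""
    values = parse_qs(urlparse(url).query).get(SID_PARAM)
    return values[0] if values else None


class VulnerableSessions:
    """Trusts a session id supplied in the URL; an unknown id is simply (re)created."""

    def __init__(self):
        self.sessions = {}

    def resolve(self, url: Optional[str] = None, cookie_sid: Optional[str] = None) -> str:
        sid = parse_sid_from_url(url) if url else None
        sid = sid or cookie_sid or secrets.token_hex(16)
        # The flaw: whatever id the client presented becomes a live session,
        # so anyone else presenting the same id lands in the same session.
        self.sessions.setdefault(sid, {"cart": [], "user": None})
        return sid


class HardenedSessions:
    """Cookie-only sessions: the URL is never consulted and only ids this server
    issued are accepted. Login regenerates the id (an added measure, not from the post)."""

    def __init__(self):
        self.sessions = {}

    def _new(self, state: Optional[dict] = None) -> str:
        sid = secrets.token_hex(16)  # server-generated, unguessable id
        self.sessions[sid] = state if state is not None else {"cart": [], "user": None}
        return sid

    def resolve(self, url: Optional[str] = None, cookie_sid: Optional[str] = None) -> str:
        # `url` is deliberately ignored; an unknown or missing cookie gets a fresh session.
        if cookie_sid is not None and cookie_sid in self.sessions:
            return cookie_sid
        return self._new()

    def login(self, sid: str, user: str) -> str:
        """Move the session state to a brand-new id so a pre-login id is worthless."""
        state = self.sessions.pop(sid)
        state["user"] = user
        return self._new(state)


def simulate_shared_link(handler) -> dict:
    """Two shoppers follow the same newsletter link (constructed); report whether
    they share a session and whether the second can see the first one's cart."""
    link = f"https://shop.example/catalog?{SID_PARAM}=" + "a" * 32
    sid_a = handler.resolve(url=link)
    handler.sessions[sid_a]["cart"].append("sock yarn")
    sid_b = handler.resolve(url=link)
    return {
        "same_session": sid_a == sid_b,
        "b_sees_a_cart": "sock yarn" in handler.sessions[sid_b]["cart"],
        # A returning visitor with a valid cookie should keep their own session either way.
        "a_keeps_session_via_cookie": handler.resolve(cookie_sid=sid_a) == sid_a,
    }


if __name__ == "__main__":
    print("vulnerable:", simulate_shared_link(VulnerableSessions()))
    print("hardened:  ", simulate_shared_link(HardenedSessions()))
```

The check worth carrying over to a real deployment is the one the post describes: two browsers following the same link with the same session id must end up with different ids in their cookies, and an id that the server never issued must never become a live session.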

  • Congrats, Tracey!

    Congratulations to Tracey and Regan on the birth of their daughter Jovie! But man, reading that birth story actually made me light-headed.

  • Shared today on Twitter

    Goddamn my sister and her stupid paranoia-inducing “Har, har, you’re probably PREGNANT!” jokes. It’s just REFLUX.


    2nd visit to physio this morning. Massage + heat pack = best morning ever. Have been told to take it easy on rower at Spudds today.


  • Shared today on Twitter

    @Steffi_83 Cool! Girard is a top bloke. Sorry I missed it.


    @Steffi_83 If I don’t go Wednesday lunch, I’ll be there.


    The sun is shining and I’m feeling much better. Ready to attack the To Do list!


  • The Male Programmer Privilege Checklist

    The Male Programmer Privilege Checklist. Wow, I found myself nodding along at SO MANY of those:

    • Not having to wonder whether you’re well-known in your community simply for being “the female one”.
    • The freedom to make mistakes or say stupid things without worrying about it getting added to the pile of “why women suck at computer stuff”.
    • If you’re married, having people take you to lunch without them speculating on how your spouse would feel about them taking you to lunch.
    • Having interests that are stereotypical for your gender without having to worry you’ll be taken less seriously because of it.
    • Having interests that are unstereotypical for your gender and getting seen as cool and progressive rather than freaky and asexual for it.
    • Not having to choose between dressing/acting stereotypically for your gender and being thought unprofessional (or not a Real Geek) for it, and dressing/acting un-stereotypically and being thought unseemly.
    • The freedom to switch to a less technical career without feeling like you’re betraying the cause of gender equality.

    That last one floored me. I actually said that one out loud in a performance review last year. I knew that my heart wasn’t in development, but I felt this insane desire to keep doing something I didn’t enjoy because I wanted there to be some girls doing it. I wish my male friends in IT would read through that list and realize just how good they have it.

  • Shared today on Twitter

    Holy crap. The whole Clare Werbeloff “chk-chk BOOM” thing WAS a hoax! http://bit.ly/2d0MVG She made it all up!


    Emerged from our cave & wandered to Chippo’s Good Neighbour BBQ for a free snag. They’ve got a clown! #fb http://yfrog.com/0tukcj


    @twelveeyes Two weeks at least, often more. They haven’t told me closing date yet, but definitely not til June.


    15 min into hourlong run. Just stopped to watch rowers in Blackwattle Bay. http://yfrog.com/5gbrgj


    Just completed a 7.25 km run with @runkeeper, check it out http://bit.ly/HeshI #runkeeper


    Ugh. Sudden headache last night kept me up all night. Feel even worse this morning. Maybe I caught a bug from evil knitters on Sat?


    The Male Programmer Privilege Checklist: http://bit.ly/88RCD . I nodded like 20 times. I’ve witnessed just about all that stuff.


    Decided to call in sick and rest up. Tucked up in bed with laptop, eyelids drooping…


  • Guild SGM

    I’d try to sum up the insane Knitters Guild Special General Meeting I went to yesterday, but I couldn’t do it any better than Mary-Helen already did. Really, it was just the culmination of the whole drama set in motion at the AGM in March. A harmless but necessary motion got scuppered from the AGM agenda due to bureaucratic bungling (and a missed printer’s deadline), and here we are two months later with continued bad feelings and ill will all around. I sat there in the back of the room knitting away on my sock, wondering (for the millionth time) why in the hell I was wasting my Saturday on such a pointless exercise. And of course, the SGM wasn’t the end of it; I had to stay for the combined Convenor’s and Executive meeting. All up, I spent SIX HOURS of my weekend (a weekend I really needed after a stressful week) sitting in meetings listening to people suck all the fun out of something that is supposed to be a hobby. GAH.

  • Shared today on Twitter

    Someone just referred to the fact that “we’ve only had print since the 20th century.” @WittyKnitter nearly choked.


    So very tired and bored. I will leave the outrage to those who got a good night’s sleep.


    Halfway through. 1st part all came to nought. Ugh, whatev.


    Okay, that was nearly SIX HOURS of knitting guild drama. Is it too early to start drinking?


    @mrs_sockvictim Gutenberg who? 🙂


    @AusVintageGrrl Unfortunately not. A motion that would have passed without notice at the AGM was defeated because of personality conflicts.


    @randomknits Haha, me too! I finished off the toe of one, managed to Kitchener the toe amidst the insanity, and knit most of the leg of #2!


    HOLY CRAP. Major osCommerce bug squashing tonight. Really weird session issue: http://bit.ly/Q9ysY . Thank god for patient customers!


    Now, I think some beer and Welsh rarebit is in order…


    @Timmay83 And you always double-down on eleven. ALWAYS.