Month: May 2009

  • Cross Stitch Cars

    Cross stitch… ON CARS! That’s pretty neat. I’m still bitter that my Dad talked me out of stencil-painting my crappy car in high school.

  • Another baby

    Judging by his post on Facebook, my brother Anthony and his wife Kara went to the hospital to have their second child about seven hours ago! Can’t wait to get the update…

  • Shared today on Twitter

    @steven_noble You never, NEVER ask a woman that question. EVER. Some of us just have pot bellies. I got asked it at the Geek Girl Dinner. 🙁


    @traceyh That actually made me light-headed to read. HOLY CRAP. Congratulations! Jovie is gorgeous. But man… I don’t know how you did it.


    Grrr. Samoan guy with crazy hair in a suit walking around the office. Reminds me of some movie. WHAT IS IT? I can’t remember…


    @imdominating Nah, it’s like a big ‘fro.


    @imdominating THAT’S TOTALLY WHAT I’M THINKING!


    If anybody in Sydney needs a good cleaner, ours has a few openings available. AND THEY ROCK. DM me for details.


    @Steffi_83 $70 to do our whole place. We get them in once a fortnight. They’ll give you a quote once they see your place. You want details?


    @crumpet Eh, it wasn’t that great. I was expecting something much more awesome.


    @Steffi_83 Pretty good. Had physio again today, so I took it easy on the rower. Eight of us from work, & more people = easier workout. 🙂


    I had to buy ear plugs rated to 33dB to drown out the daily 5am bouts of Cat Wrestlemania. Now you know why I’m grumpy in the morning.


    Just completed a 4.62 km run with @runkeeper, check it out http://bit.ly/jIc2k #runkeeper


    @venks79 Actually today they were pretty good! That’s just how contrary they are.


    Just got the new company phone list. ALL of my information is incorrect. FML.


  • Shared today on Facebook

    I had to buy ear plugs rated to 33dB to drown out the daily 5am bouts of Cat Wrestlemania. Now you know why I’m grumpy in the morning.


  • Three Sisters Garden

    Hm. I was all excited to plant a Three Sisters Garden (corn, beans, squash) til I read the bit about needing a minimum plot of 10′x10′ to ensure good corn pollination. Huh. I guess that’s why it pretty much sucked the last time I tried to grow it.

  • RunningBlog: Ramping Up

    The Sydney running season is upon us and I’ve started to ramp up my training a bit. My ultimate goal is the Half Marathon at the Running Festival in September, so I’m using the 20 week training plan from that site. There are also a number of shorter races along the way this winter. First was the Mother’s Day Classic 8K I ran a few weeks ago. Next up is the Bay Run on August 2nd, a 7km run around Iron Cove Bay. I’m running it as a team with Shane, Tim, and Stef. The following Sunday will be the City 2 Surf, where once again I’ll try to break the elusive 100-minute barrier. I just have to talk the Snook into running with me…

    This week: 22.39km (14mi)
    Previous week: 17.41km (11mi)

    One difficulty this year is some general lower back pain and stiffness. I think I injured it trying too hard on the rowing machine at Spudds. I’ve been to the physio last Wednesday and today, and she’s given me some exercises and stretches. A big part of it is my right hip being way too tight, as it was last year.

  • osCommerce Session Vulnerability

    I’d just like to note for the sake of future Googlers that osCommerce has a huge whacking security hole in the way that it handles sessions. I found this on Saturday when the new Morris & Sons site launched and a fellow Raveler told me she was seeing “other people’s stuff” in her shopping cart. “Huh?” I thought. “That’s not possible.” Half a dozen people had tested the new site and not one of them reported anything like that. It was only after emailing back and forth with her and doing some digging that I discovered the problem.

    She was following a link from a recent newsletter, a link that happened to include a session id. I’d noticed a few links like that before but didn’t think it was a problem. “After all,” I thought, “surely osCommerce creates a new session when you come to the site anyway.” WRONG. It looks for the session in the link, and when it doesn’t find anything it RECREATES IT. Then if someone else follows the same link in the next 5-10 minutes, BAM. Two people with the same session. Huge, huge security hole.

    The solution ended up being pretty simple, in that I simply changed the site to require cookies for session handling. (I then tested and confirmed that two separate people following a link with the same session id end up with different session ids in their cookies.) Still, it’s a pretty big issue and it’s not well-publicised.

    The Snook was pretty livid when we figured it out. “The amount of fail in that implementation still amazes me,” he said. “The fact that I could invent a session ID, email it to you, and then snoop everything you’re doing on the site and get access to your account once you log in.” Yep. If you have an osCommerce install, lock it down, kids.
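
A small model of the behaviour described in this post, added here as an illustration and not taken from osCommerce or from the original post. `SessionStore`, `follow_newsletter_link` and `LINK_SID` are hypothetical names, and the `login` rotation is a standard extra mitigation beyond the cookie-only fix the post describes.

```python
import secrets

class SessionStore:
    """Toy model of a shop's session layer (hypothetical, not osCommerce code)."""

    def __init__(self, cookies_only):
        self.cookies_only = cookies_only
        self.sessions = {}          # session id -> cart contents

    def _new_session(self):
        sid = secrets.token_hex(16)  # server-generated, unpredictable id
        self.sessions[sid] = []
        return sid

    def resolve(self, url_sid=None, cookie_sid=None):
        """Return the session id the server will use for this request."""
        # A cookie the server issued earlier is always honoured.
        if cookie_sid in self.sessions:
            return cookie_sid
        if not self.cookies_only and url_sid:
            # Behaviour described in the post: the id from the link is
            # adopted, and recreated if the server no longer knows it.
            self.sessions.setdefault(url_sid, [])
            return url_sid
        # Cookie-only mode: ids in the URL are ignored, the server mints its own.
        return self._new_session()

    def login(self, sid):
        """Rotate the id at login so any pre-login id stops working
        (additional standard mitigation, not part of the post's fix)."""
        new_sid = self._new_session()
        self.sessions[new_sid] = self.sessions.pop(sid)
        return new_sid

def follow_newsletter_link(store, link_sid, item):
    """One visitor opens the shared link and adds an item to the cart."""
    sid = store.resolve(url_sid=link_sid)
    store.sessions[sid].append(item)
    return sid, list(store.sessions[sid])

LINK_SID = "constructed-newsletter-sid"   # constructed sample value

def demo(cookies_only):
    """Two visitors follow the same link; report whether they share a session."""
    store = SessionStore(cookies_only)
    a_sid, _ = follow_newsletter_link(store, LINK_SID, "wool")
    b_sid, b_cart = follow_newsletter_link(store, LINK_SID, "needles")
    return a_sid == b_sid, b_cart
```

With `cookies_only=False` the second visitor lands in the first visitor's cart; with `cookies_only=True` each visitor gets a separate server-issued session.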

  • Congrats, Tracey!

    Congratulations to Tracey and Regan on the birth of their daughter Jovie! But man, reading that birth story actually made me light-headed.

  • Shared today on Twitter

    Goddamn my sister and her stupid paranoia-inducing “Har, har, you’re probably PREGNANT!” jokes. It’s just REFLUX.


    2nd visit to physio this morning. Massage + heat pack = best morning ever. Have been told to take it easy on rower at Spudds today.


  • Shared today on Twitter

    @Steffi_83 Cool! Girard is a top bloke. Sorry I missed it.


    @Steffi_83 If I don’t go Wednesday lunch, I’ll be there.


    The sun is shining and I’m feeling much better. Ready to attack the To Do list!