• Shared today on Twitter

    Guidelines for writing better use cases: http://bit.ly/dsq0X. Food for thought.


    It’s odd how getting email from the company that sacked you 6 months before still brings on immediate feelings of annoyance and bitterness.


    @kdelarue Very interesting. I got an email the other day from somebody reading it who managed to find my site. I’ll have to look for it…


    @kdelarue Treglown (prev biographer) thought that Dahl exaggerated a lot of his “spy” activities. Wonder if Conant has actual evidence…


    This is disgusting. An Indian friend told me of a narrow escape from violent racist bogans in Bondi few weeks ago: http://bit.ly/A9Cml


    On my way to a special birthday dinner for @gadgetgirl70… 🙂


    Hooray! It’s Amy blowing out her candles… http://yfrog.com/0kbw1qj


    So stuffed with Indian food. Nilgiris in St Leonards = highly recommended, especially if you get a private cushion room!


    Hooray! I’ve got a new little nephew: Mason Anthony Howard. Congrats to Ant and Kara!


    @Justacogitating I haven’t gotten much other than a pic. (Just emailed to you guys.) But presumably everything is okay!


    @bellsg Good grief. I thought the M&S server crashing last weekend was bad. At least we didn’t get friggin’ death threats over it.



  • Shared today on Facebook

    Hooray! I’ve got a new little nephew: Mason Anthony Howard. Congrats to Ant and Kara!



  • Shared today on Twitter

    Just found out that one of my best college friends is coming out to visit in October and gets to come to our Halloween party. YAY, EILEEN!


    @BostonSydney Don’t bother with train. It’s expensive and slow. It’s worth it to get a cab, especially if you can split with somebody else.


    Can this be right? http://forecasts.org/ausd.htm They’re predicting near parity between AUD and USD by end of the year?!


    @BostonSydney Not terribly common, but it wouldn’t hurt to ask. Especially if you make any friends on the long, long flight over!


    @Gin_ev_ra I always thought the model in that ad looked like a drag queen. There’s a LOT of makeup happening there, and not in a good way.


    @eileenDCoE WOOHOO! Roomate and Roomater Down Under. I may have to break out the crayons for that one…


    @shanea You are totally invited. I need to provide @eileenDCoE with the widest possible range of single Aussie men. 🙂


    RT @neilhimself: RT @pussreboots: Is that why scientists are always losing their keys? <- Tell me about it. Right, @eileenDCoE? 🙂


    @twelveeyes Yeah, my cousin @imdominating sent me this link today: http://www.popsugar.com/3196745. 🙂


    Heading to the city for knitting at the Grace Hotel. Anybody else going that way?


    Had a great time at knitting tonight. Probably 15+ knitters, and every single one on #ravelry as far as I could tell!


    Croque Monsieur – sandwich of the gods – about to come out of the oven…


    Oh, hells yeah! http://yfrog.com/0cdckyj


    No no no… not burnt! Just some very brown cheese. It was beeyoootiful. Here’s the recipe: http://bit.ly/ywzd5


    @steverunner We get similar laughs when the vet calls about our kitten Petey, whose full name is “Professor Death.” (Husband named him.)


    Just completed a 5.96 km run with @runkeeper, check it out http://bit.ly/Vi2d6 #runkeeper


    It’s like the 480 bus drivers have my picture up or something. Total ENEMIES, I tell you.



  • Cross Stitch Cars

    Cross stitch… ON CARS! That’s pretty neat. I’m still bitter that my Dad talked me out of stencil-painting my crappy car in high school.


  • Another baby

    Judging by his post on Facebook, my brother Anthony and his wife Kara went to the hospital to have their second child about seven hours ago! Can’t wait to get the update…


  • Shared today on Twitter

    @steven_noble You never, NEVER ask a woman that question. EVER. Some of us just have pot bellies. I got asked it at the Geek Girl Dinner. 🙁


    @traceyh That actually made me light-headed to read. HOLY CRAP. Congratulations! Jovie is gorgeous. But man… I don’t know how you did it.


    Grrr. Samoan guy with crazy hair in a suit walking around the office. Reminds me of some movie. WHAT IS IT? I can’t remember…


    @imdominating Nah, it’s like a big ‘fro.


    @imdominating THAT’S TOTALLY WHAT I’M THINKING!


    If anybody in Sydney needs a good cleaner, ours has a few openings available. AND THEY ROCK. DM me for details.


    @Steffi_83 $70 to do our whole place. We get them in once a fortnight. They’ll give you a quote once they see your place. You want details?


    @crumpet Eh, it wasn’t that great. I was expecting something much more awesome.


    @Steffi_83 Pretty good. Had physio again today, so I took it easy on the rower. Eight of us from work, & more people = easier workout. 🙂


    I had to buy ear plugs rated to 33dB to drown out the daily 5am bouts of Cat Wrestlemania. Now you know why I’m grumpy in the morning.


    Just completed a 4.62 km run with @runkeeper, check it out http://bit.ly/jIc2k #runkeeper


    @venks79 Actually today they were pretty good! That’s just how contrary they are.


    Just got the new company phone list. ALL of my information is incorrect. FML.



  • Shared today on Facebook

    I had to buy ear plugs rated to 33dB to drown out the daily 5am bouts of Cat Wrestlemania. Now you know why I’m grumpy in the morning.



  • Three Sisters Garden

    Hm. I was all excited to plant a Three Sisters Garden (corn, beans, squash) til I read the bit about needing a minimum plot of 10’x10′ to ensure good corn pollination. Huh. I guess that’s why it pretty much sucked the last time I tried to grow it.


  • RunningBlog: Ramping Up

    The Sydney running season is upon us and I’ve started to ramp up my training a bit. My ultimate goal is the Half Marathon at the Running Festival in September, so I’m using the 20 week training plan from that site. There are also a number of shorter races along the way this winter. First was the Mother’s Day Classic 8K I ran a few weeks ago. Next up is the Bay Run on August 2nd, a 7km run around Iron Cove Bay. I’m running it as a team with Shane, Tim, and Stef. The following Sunday will be the City 2 Surf, where once again I’ll try to break the elusive 100-minute barrier. I just have to talk the Snook into running with me…

    This week: 22.39km (14mi)
    Previous week: 17.41km (11mi)

    One difficulty this year is some general lower back pain and stiffness. I think I injured it trying too hard on the rowing machine at Spudds. I’ve been to the physio last Wednesday and today, and she’s given me some exercises and stretches. A big part of it is my right hip being way too tight, as it was last year.


  • osCommerce Session Vulnerability

    I’d just like to note for the sake of future Googlers that osCommerce has a huge whacking security hole in the way that it handles sessions. I found this on Saturday when the new Morris & Sons site launched and a fellow Raveler told me she was seeing “other people’s stuff” in her shopping cart. “Huh?” I thought. “That’s not possible.” Half a dozen people had tested the new site and not one of them reported anything like that. It was only after emailing back and forth with her and doing some digging that I discovered the problem.

    She was following a link from a recent newsletter, a link that happened to include a session id. I’d noticed a few links like that before but didn’t think it was a problem. “After all,” I thought, “surely osCommerce creates a new session when you come to the site anyway.” WRONG. It looks for the session in the link, and when it doesn’t find anything it RECREATES IT. Then if someone else follows the same link in the next 5-10 minutes, BAM. Two people with the same session. Huge, huge security hole.

    The solution ended up being pretty simple, in that I simply changed the site to require cookies for session handling. (I then tested and confirmed that two separate people following a link with the same session id end up with different session ids in their cookies.) Still, it’s a pretty big issue and it’s not well-publicised. The Snook was pretty livid when we figured it out. “The amount of fail in that implementation still amazes me,” he said. “The fact that I could invent a session ID, email it to you, and then snoop everything you’re doing on the site and get access to your account once you log in.” Yep. If you have an osCommerce install, lock it down, kids.
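    The behaviour described above, as an added example that is not osCommerce’s code: a minimal in-memory session handler in the shape the post describes (session id read from the URL and recreated when the server doesn’t know it), beside a cookie-only version that honours only ids the server itself issued and rotates the id at login. The `Request` type, the `SessionStore`, the `sid` parameter name and the `abc123` id in the link are all constructed for the example.

```python
# Added example: models the osCommerce session behaviour described in the post
# and the cookie-only fix. Not osCommerce code; Request, SessionStore and the
# "sid" parameter name are constructed for illustration.
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for an HTTP request: parsed query string + cookies."""
    query: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


class SessionStore:
    """In-memory session table: session id -> session data."""

    def __init__(self):
        self.sessions = {}

    def new(self):
        """Issue a fresh, unguessable id and register an empty session for it."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {}
        return sid


def resolve_session_url_fallback(store, req, param="sid"):
    """Vulnerable pattern from the post: accept the id from the URL and, if the
    server has no session under that id, create one.  Every visitor following a
    link that carries ?sid=... therefore lands in the same session."""
    sid = req.cookies.get(param) or req.query.get(param)
    if sid is None:
        return store.new()
    if sid not in store.sessions:
        store.sessions[sid] = {}  # recreates a client-chosen id
    return sid


def resolve_session_cookie_only(store, req, param="sid"):
    """Hardened: read the id from the cookie only, and honour it only if the
    server issued it.  A URL-carried or unknown id gets a fresh session."""
    sid = req.cookies.get(param)
    if sid is None or sid not in store.sessions:
        return store.new()
    return sid


def login(store, sid, user):
    """Rotate the session id when the session gains privilege, so an id that
    was known before login never identifies the logged-in account."""
    data = store.sessions.pop(sid)
    data["user"] = user
    new_sid = secrets.token_hex(16)
    store.sessions[new_sid] = data
    return new_sid


def shared_link_sessions(resolver):
    """Two visitors follow the same newsletter link carrying a session id.
    Returns the session id each of them ends up with."""
    store = SessionStore()
    link_query = {"sid": "abc123"}  # constructed id embedded in the link
    sid_a = resolver(store, Request(query=dict(link_query)))
    sid_b = resolver(store, Request(query=dict(link_query)))
    return sid_a, sid_b


def login_rotation():
    """Log in on a cookie-only session; return (pre-login id, post-login id, store)."""
    store = SessionStore()
    first = resolve_session_cookie_only(store, Request())
    # The browser sends the server-issued id back in the cookie on the next request.
    same = resolve_session_cookie_only(store, Request(cookies={"sid": first}))
    assert same == first
    after = login(store, first, "alice")
    return first, after, store


if __name__ == "__main__":
    print("url fallback :", shared_link_sessions(resolve_session_url_fallback))
    print("cookie only  :", shared_link_sessions(resolve_session_cookie_only))
    before, after, st = login_rotation()
    print("login rotated id:", before != after, "old id still valid:", before in st.sessions)
```

    With the URL-fallback resolver both visitors come back with `abc123`, which is exactly the shared-cart symptom the post describes; with the cookie-only resolver each gets a distinct server-issued id and the value in the link is never used. The rotation at login is the extra step that closes the “invent an id, mail it, wait for the login” case quoted above, since the pre-login id stops being valid the moment the account is attached.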



ABOUT

My name is Kris. I’ve been blogging since the 90’s. I live in Sydney, Australia, and I spent most of my career in the tech industry.

No AI used in writing this blog, ever. 100% human-generated.




Special thanks to Matt Hinrichs for the site logo!