onLine weblog archive

Saturday, May 13, 2000

I'm telling you, Bill Gates is EVIL!
This week's A List Apart is on Stewart's 5k contest. Cool.

Friday, May 12, 2000

Blogger is taking some steps in dealing with the IE cookie security hole:
NOTE: We have decided to disable the "remember me" feature until we (or Microsoft) find a solution to this problem.
Unfortunately, this doesn't really solve the problem. Blogger still uses cookies, just not permanent cookies. That means I can still steal your cookie if you are logged on to blogger.com. [However, I am finding it much more difficult to use that cookie info to impersonate people. 4:30]
Derek didn't much like my suggestion that Microsoft turn off scripting in Outlook to avoid the spread of viruses like ILOVEYOU. This Slate article by James Gleick has some more thoughtful suggestions, and some interesting facts about the virus that I didn't know.
From CNET.com: Yahoo expands Web hosting services.
Yahoo also hopes to use the expansion to attract more advertisers and visitors to its own Web site and services. One of the new sites, for instance, will be able to connect to Yahoo's auctions and classified sections through a link.
Excellent! They're going to start using links at Yahoo.com!
From Entertainment Weekly:
Sources say [NBC], which is set to announce its fall schedule on Monday in New York, has ordered four new comedies and three new dramas for fall. Sure to generate the most interest is the Richards project, which features the former ''Seinfeld'' costar as a novice detective.
I have high hopes for this, but I also expect that my hopes will be dashed by another poorly written, ill-conceived Network sitcom.
Here is something I plan to incorporate into glish.com when I redesign. Scrollable DIVs!
The birds are beginning to sing, and I am going to bed.
Here's the Metafilter discussion about the IE cookie security hole. I think it is interesting that some people are not fully convinced that this is a serious problem. What is it, like 90% of internet users are using IE on a PC? And they are all vulnerable to a very simple exploit of the hole. Don't believe me? Try this out. It took me about an hour to do.

The demo may seem a bit cumbersome, but that is for your protection. If I was so inclined, I could hide the whole process from you and grab your cookies for any domain I chose, and I could then impersonate you at that website. Of course, many sites require a password before any major changes are effected. But MANY don't. Think about Amazon's one-click ordering process. All that requires is your cookie! We should all be afraid.

Thursday, May 11, 2000

Blogger accounts accessed so far: 4 (all with permission, of course). If you are the hoolahoop person, I couldn't publish any of the changes I made because you did not enter your FTP password (hey, I don't blame you). You can go to www.blogger.com to see the posts I added.
Someone (IP address 172.128.118.37) tried to send me their blogger cookie by clicking on the http://www.glish.com/cookies.html link below, but they had not logged on to blogger. If that was you, log on to www.blogger.com and try again.

[5/20/00 -- To the best of my knowledge, the security enhancements that the folks at Blogger made since being alerted to this problem have repaired this vulnerability in their system.]

I can edit your blog

To prove how serious the cookie hole in IE is, I have set up the following demonstration. You must be using IE, and have checked "remember me" when you logged on to Blogger, or have logged on (and not off) to Blogger in your current browser session.
  1. Go create a new account at http://www.blogger.com (unless you want me to mess with your real account), check "remember me" when you log on.
  2. Create a new blog, and enter your FTP password if you want me to be able to actually publish changes I make.
  3. Add a blog entry that says you want me (Eric Costello) to add an entry to prove I was there.
  4. Go to http://www.glish.com/cookies.html.
I will get your cookie info and will soon have access to your blog. I have confirmed this works by hacking into pixelpony's blog.
In case you didn't know that Microsoft is irresponsible in their implementations of internet software (browsers, servers, you name it), here's a report of a security hole in IE that allows anyone to read cookies from any domain you have visited. That means that I, for instance, could read your amazon.com cookies, and if you have one-click purchasing turned on for your account, I could go and order some books for you. Thanks Microsoft!
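The two points made above, that a session cookie is as good as a "remember me" cookie to anyone who can read it while you are logged on, and that a site which asks for your password before a major change blunts a stolen cookie, can be shown in a few lines of server-side code. What follows is an added example, not code from this site or from Blogger; the user name, password, salt and cookie lifetime are constructed placeholders, and the "publish" action standing in for a sensitive change is an assumption made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed user store for the example: username -> (salt, password hash).
# The password and salt are placeholders, not anything from a real service.
def _hash_pw(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt-value"
USERS = {"demo_user": (_SALT, _hash_pw(_SALT, "demo-password"))}

# Server-side session table: session id -> record. "persistent" mirrors the
# "remember me" checkbox. It changes how long the browser keeps the cookie,
# not how much the server trusts the cookie value.
SESSIONS: Dict[str, dict] = {}


def check_password(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    salt, expected = rec
    return hmac.compare_digest(_hash_pw(salt, password), expected)


def login(user: str, password: str, remember_me: bool) -> Optional[str]:
    """Return the session id the browser will store as a cookie, or None."""
    if not check_password(user, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "persistent": remember_me}
    return sid


def set_cookie_header(sid: str, remember_me: bool) -> str:
    """Set-Cookie value: a persistent cookie carries Max-Age, a session cookie does not."""
    attrs = f"session={sid}; Path=/"
    if remember_me:
        attrs += "; Max-Age=2592000"  # 30 days, a constructed lifetime
    return attrs


def cookie_after_browser_restart(sid: str) -> Optional[str]:
    """What survives closing the browser: only the 'remember me' cookie."""
    sess = SESSIONS.get(sid)
    return sid if sess and sess["persistent"] else None


def logout(sid: str) -> None:
    SESSIONS.pop(sid, None)


def handle(sid: str, action: str, password: Optional[str] = None) -> str:
    """Cookie-only auth for reads; a sensitive change needs the password again."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return "401 not logged in"
    user = sess["user"]
    if action == "view":
        # Anyone holding a copy of the cookie value gets the same answer here,
        # whether the cookie was persistent or session-only.
        return f"200 viewing {user}'s blog"
    if action == "publish":
        # This is the step a bare copy of the cookie cannot pass.
        if password is None or not check_password(user, password):
            return "403 password required to publish"
        return f"200 published to {user}'s blog"
    return "400 unknown action"


if __name__ == "__main__":
    sid = login("demo_user", "demo-password", remember_me=False)
    print(set_cookie_header(sid, False))
    print(handle(sid, "view"))              # cookie alone is enough
    print(handle(sid, "publish"))           # refused without the password
    print(handle(sid, "publish", password="demo-password"))
```

The only difference the checkbox makes is in `set_cookie_header` and `cookie_after_browser_restart`: dropping the `Max-Age` shortens the window in which the cookie exists, but while the user is logged on a copied value is accepted by `handle` exactly as the original is. Logging out, which removes the server-side record, is what actually ends that window, and the password check on `publish` is what keeps a copied cookie from doing the damaging thing.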

Wednesday, May 10, 2000

Andre Torrez is doing some cool stuff with an XML file he pulls from blogger.com: Power Bloggers.
Feeling ill? Check out these flowcharts for self-diagnosis from The AAFP Family Health & Medical Guide. Via torrez.org.

Tuesday, May 09, 2000

Ouch! From Salon: RIAA 1, Napster 0.
Napster's main argument -- that it is exempt from copyright infringement since no files ever pass through company servers -- may have boomeranged. As the RIAA argued in court, if no files pass through Napster, then Napster by definition is not a conduit and cannot qualify under the first safe harbor.
Excellent! The Emperor has New Clothes : HTML Recast as an XML Application. Via evhead.com.
Zope identifies a very real security risk for users of Web Applications. Via Scripting.com.
An excellent article for ASP developers from Asptoday with a refreshing angle: Beyond Mere Performance - Part 1: The Performance Issue
Here's an article on something I need to work on.
Friend Message is like ILOVEYOU, but it deletes your system.
There's a new worm lurking based on the ILOVEYOU (a.k.a. Loveletter.A) worm. Unfortunately, this worm is different enough to be considered a new worm.
Worm, worm. Worm.
Digital Web Magazine - Tutorial: Preparing for standard-compliant browsers, Part 1. Digital Web offers no permanent links to current content, so this link will no longer take you to the article I want it to when they put up a new issue. I apologize on their behalf.
Carl Steadman in TheStandard: Take It and Leave It.
Your next startup's investors can benefit from the mistakes you made with someone else's money, in the dubious hope that you're unlikely to repeat them. The only drawback: You'll have to try harder to fail better next time.

Monday, May 08, 2000

Here is the Bill Gates Time Magazine column I mentioned earlier: The Case For Microsoft.
The DOJ scheme also effectively imposes a ban of up to 10 years on the addition of any significant new end-user features to Windows. New features must be provided on an a la carte basis and priced separately to computer manufacturers. Provisions like these would kill innovation in the OS--and impair the livelihoods of the tens of thousands of independent software developers who depend on constant innovation in the OS to make their products more attractive. Updates to Windows and Office technologies that could, for example, protect against attacks such as the Love Bug virus would also be much harder for computer users to obtain.
Hey Bill: if you could do something to protect users from viruses like ILOVEYOU (and you could), why the heck didn't you? You yacker. I'm prickly today, aren't I?
Matthew Haughey today confirmed that the davewiner account at Metafilter is indeed the real Dave Winer. I had decided I was duped by an imposter in this thread, which helped me make sense of the absurd comments made by davewiner. Now I guess I just think he is insane.
I did this site in early '96, when I was living in Brooklyn and considering trying to get freelance web work. I never actually finished it because Derek and Aaron and I decided to start Schwa. Anyway, it was my first and last attempt at any sort of personal site before I started glish.com in March of this year. This is all just purely FYI.
My name is Eric Costello. Apparently there is another Eric Costello who happens to be an animation fan. He runs (ran?) The Warner Bros. Cartoon Companion which provides a whole lot of background information on the subtext and references found in Warner Bros. cartoons from the 30's to the 60's.
Apparently, in a Time magazine column I have not read, Bill Gates says that it will be harder to protect users from viruses if Microsoft is split up. Is that a prediction or a threat?
Is this accurate? Did everybody who got infected by ILOVEYOU actually have to go through that dialogue box, save the file to disk, then find and run the file? Can't we punish those people somehow? And I'm talking about more than a spanking. I'm talking about revoking computer privileges.
Here's an in depth look at the ILOVEYOU virus code. Via Metafilter.
So have any of you San Francisco types paid a visit to Pac Bell Park? It sounds fantastic. I would love to hear your impressions.
FLUX Interactive features EXACTLY the type of gratuitous Flash work that I dislike. When I click on a link, I want to get to wherever that link takes me; I don't want you to animate the process of me getting there. Oh, and I would like to include some of their lame ass interactive theory here, BUT IT'S ALL IN FLASH, so I can't copy and paste from their site. I will tell you that they totally misquote the old "if the only tool you have is a hammer, all problems begin to look like nails" aphorism to hilarious effect. Someone help save the web from crap like this.