Sooo… what’s going on with you?

Today:

  • I’ve got a meeting out in Monterey today at 10:00AM and then I have to swing by San Jose back to the office.  Just the driving alone will end up eating most of my day.  I’m hoping to be able to get back to the office by 4-5:00PM.
  • Day 2 of my diet.  My diet basically consists of not eating like a pig and monitoring what I eat using FitDay.com.  It’s basically a free online food diary where you enter the food you’ve eaten and your weight and it tallies the calories, fat/protein/carbs, and gives you all kinds of nifty graphs.  Finding the food can sometimes be an adventure, but overall it’s quite easy.  I first used the site about six or so years ago and every time I’ve stuck with it longer than about two weeks, it’s helped me lose weight.  The problem for me is that right up until the one or two week mark I’m always hungry.  :)
  • Eating a big bowl of oatmeal with raisins and honey right now.  I’ll grab some coffee on the way down to Monterey.  I’ve got a bunch of music burned to an MP3 disc for the trip and will probably end up listening to NPR most of the way.

Okay, go go go!

Citigroup – URL hacked? Seriously?

Apparently the hackers who stole all kinds of personal information from Citigroup’s website did so by URL hacking.

This is just unconscionable.  Even before you get to cyber-security 101, SOMEONE should have figured out that putting the account number in plain text in the URL was a terrible idea.

I don’t care who you are, the first thing you need to know about dealing with a website is that your server cannot trust a user’s input.  This can be for any number of, even very innocent, reasons – but primarily as a way to ward against potential problems.  It just sickens me that their website had what amounts to zero security.  URL hacking isn’t even really hacking at all, it’s just a matter of tweaking URL address inputs.  It’s essentially the equivalent of dialing a company’s phone number and changing the extension by one digit just to see if you can escape phone-tree-voice-mail-hell.[1][2]

I mean, would you, as a bank, put deposit or balance information into the URL?  NO.  Otherwise in 5 seconds everyone would alter their links to include “&currentbalance=100000000000”.[3]  Why, then, would you ever include plain text bank account numbers in the URL and not actually verify that information on the server side?!  I mean, this is the kind of security you get with WordPress for free just by installing it.
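To make the point concrete, here is an added example (my own illustration, not code from Citigroup or from the original post) of an account-lookup handler that trusts the account number in the URL, beside one that checks ownership against the authenticated session on the server side; the accounts, sessions and cookie names are constructed sample data.

```python
# Added example, not from the original post: a URL-driven account lookup
# that trusts the query string, and the same lookup with a server-side
# ownership check. All accounts, sessions and balances are constructed.
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: which accounts exist and who owns each one.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250.00},
    "1002": {"owner": "bob", "balance": 9300.00},
}
# Constructed session table: cookie value -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}
# Denied requests are recorded here so they can be alerted on;
# a burst of denials from one session is a tampering signal.
AUDIT_LOG = []


def _account_from_url(url):
    """Pull the 'account' query parameter out of a request URL."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("account", [None])[0]


def vulnerable_lookup(url, session_cookie):
    """Trusts the URL: any logged-in user can read any account."""
    if session_cookie not in SESSIONS:
        return None
    rec = ACCOUNTS.get(_account_from_url(url))
    return rec["balance"] if rec else None


def hardened_lookup(url, session_cookie):
    """Resolves the user from the session, then enforces ownership."""
    user = SESSIONS.get(session_cookie)
    if user is None:
        return None
    acct = _account_from_url(url)
    rec = ACCOUNTS.get(acct)
    # The identifier in the URL is only a hint; the server decides based
    # on who is logged in, and denies without revealing whether the
    # account exists at all.
    if rec is None or rec["owner"] != user:
        AUDIT_LOG.append({"user": user, "requested": acct, "result": "denied"})
        return None
    return rec["balance"]
```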

The Citigroup website is very Web2.0, rounded corners, social-media and blogging links.  It looks great.  Did they just have their web designer handle security?  How the hell did this happen?!

Okay, Sony, Facebook, Twitter – these things get hacked because of lame or re-used passwords.  Those guys got hacked because their attackers were smart.  Citigroup got hacked because they are too stupid to handle a basic website, let alone someone’s money.

  1. Or purgatory?
  2. Definitely purgatory
  3. Or, better yet, “&currentbalance=pony”

Freecycle.org – why are you so terrible?

I’ve spent probably an hour today trying to give away an awesome sofa couch and matching stuffed chair.  I tried to list it on Craigslist, but they had this terrible system where you had to give a phone number and wait for an automated phone call or SMS.  It only allows you to submit or try a phone number every five minutes.  When the automated phone call doesn’t come through, you’re stuck trying another number.  Oh, and you can only try up to three numbers in a 12 hour period.  I just want to GIVE AWAY some awesome furniture!  I’m not applying for a line of credit.  After futzing around for an hour or so, Craigslist apparently gave up and let me post anyhow.

In the meantime I tried out Freecycle.org.  What a fiasco.  It took me 60 seconds to figure out how to sign up.  To post anything you have to join a group – but joining a group was even less intuitive than the way to sign up.  Once you joined a group, you were punted to a Yahoo Groups page.  But, to do anything further you had to then sign up for a Yahoo! account – not that any of this was explicit.

I eventually just went old school – and wrote FREE on some cardboard and put them on the sofa and chair in the driveway.

Surprising spam comment

There was this spam comment to a recent post referencing Doctor Who’s sixth season:

..As with the series of Doctor Who last year the final two episodes before the finale have been much more small scale and in some ways a little different. Last week we had a largely Doctor-less story Love and Monsters and this week we got Fear Her a which is set largely in one single.

The wildest thing about this comment is that it isn’t entirely off base.  The comment relates to the third season of Doctor Who with Martha Jones and the two episodes “Love and Monsters” and “Fear Her.”[1]  Someone supposedly named “E. Keith Owens” using the e-mail address “timmy_b_dickerson_dzn57@hotmail.com” who posted that spam comment apparently stole it from this website.

I have to wonder – is this a crazy new form of spam?  Did they just type in a few keywords and then get two blogs – mine and that other one – then try to copy/paste our content as comments into each other, and try to get a link back to their crappy foreign exchange website?[2]

What incredible nonsense.  As with stupid scareware, why don’t smart people just spend their time creating things that offer value in exchange for money?

  1. Incidentally, two of my least favorite episodes.
  2. I deleted your link.  So there.  :P

Before I had robots…

My favorite open source project was WordPress.  Now, don’t get me wrong, I love me my WordPress, but I tend to usually spend my precious tinkering time with robots.

But sometimes, such as this very morning, I enjoy just a little bit of tinkering.  I’ve made a few very subtle changes to the blog.  You shouldn’t notice unless you do something very odd here.  If you do, you might notice a little extra wibbley wobbley in your timey wimey.

Congratulations Renosis!

Renosis and I had a friendly dispute.  We decided to settle it by challenge – a Maker challenge.

I have a feeling Maker disputes are different from other kinds of disputes.  Even though we were competing against each other, we still consulted each other, bounced ideas off one another, and, I like to think, shared in each other’s successes.  But, at the end of the day, he got more Likes for his epic Gangsta Chess Set than I got for my Fez Pezsta.

Would you like to know what the dispute was?  Of course you would!

Renosis was sending me two of his extra bearings and a few extra hardware bits for the X-Axis Follower and wouldn’t accept any payment in exchange.  We were both being stubborn about that point – he didn’t want to accept the $11 and I was insisting on paying.

If I won he would accept the $11.  If he won, I would not pay him $11.  :)

Test