onLine weblog archive
Saturday, May 13, 2000
I'm telling you, Bill Gates is EVIL
This week's A List Apart is on Stewart's 5k contest. Cool.
Friday, May 12, 2000
is taking some steps in dealing with the IE cookie security hole:
NOTE: We have decided to disable the "remember me" feature until we (or Microsoft) find a solution to this problem.
if you are logged on to blogger.com. [However, I am finding it much more difficult to use that cookie info to impersonate people. 4:30]
» Derek didn't much like my suggestion that Microsoft turn off scripting in Outlook to avoid the spread of viruses like ILOVEYOU. This Slate article by James Gleick has some more thoughtful suggestions, and some interesting facts about the virus that I didn't know.
From CNET.com: Yahoo expands Web hosting services
Yahoo also hopes to use the expansion to attract more advertisers and visitors to its own Web site and services. One of the new sites, for instance, will be able to connect to Yahoo's auctions and classified sections through a link.
Excellent! They're going to start using links at Yahoo.com!
From Entertainment Weekly
Sources say [NBC], which is set to announce its fall schedule on Monday in New York, has ordered four new comedies and three new dramas for fall. Sure to generate the most interest is the Richards project, which features the former ''Seinfeld'' costar as a novice detective.
I have high hopes for this, but I also expect that my hopes will be dashed by another poorly written, ill-conceived Network sitcom.
is something I plan to incorporate into glish.com when I redesign. Scrollable DIVs!
The birds are beginning to sing, and I am going to bed.
the Metafilter discussion about the IE cookie security hole. I think it is interesting that some people are not fully convinced that this is a serious problem. What is it, like 90% of internet users are using IE on a PC? And they are all vulnerable to a very simple exploit of the hole. Don't believe me? Try this out. It took me about an hour to do.
The demo may seem a bit cumbersome, but that is for your protection. If I was so inclined, I could hide the whole process from you and grab your cookies for any domain I chose, and I could then impersonate you at that website. Of course, many sites require a password before any major changes are effected. But MANY don't. Think about Amazon's one-click ordering process. All that requires is your cookie! We should all be afraid.
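The point above about sites that ask for a password before major changes, as an added example (not code from this weblog, Blogger or Amazon): the server accepts the cookie alone for reading, but demands a recent password check for sensitive actions, so a copied cookie by itself cannot place an order or publish. The action names, the key and the five-minute window are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"      # placeholder; a real server keeps this private
SENSITIVE = {"place_order", "publish", "change_password"}  # hypothetical action names
FRESH_SECONDS = 300                   # how long a password check counts as recent


def issue_cookie(user, now, password_checked_at):
    """Build a signed cookie value recording when the password was last typed."""
    body = json.dumps({"user": user, "iat": now, "pw_at": password_checked_at},
                      sort_keys=True).encode()
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + sig


def read_cookie(cookie):
    """Return the claims if the signature verifies, otherwise None."""
    try:
        b64, sig = cookie.split(".", 1)
        body = base64.urlsafe_b64decode(b64.encode())
    except ValueError:                # no separator, or malformed base64
        return None
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return json.loads(body)


def authorize(cookie, action, now):
    """Decide 'allow', 'reauth' (ask for the password again) or 'deny'."""
    claims = read_cookie(cookie)
    if claims is None:
        return "deny"                 # forged or damaged cookie
    if action not in SENSITIVE:
        return "allow"                # reading pages: the cookie alone is enough
    if now - claims["pw_at"] <= FRESH_SECONDS:
        return "allow"                # the password was typed moments ago
    return "reauth"                   # a replayed "remember me" cookie stops here
```

A cookie copied during the five-minute window still passes, so the window bounds the exposure rather than removing it.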
Thursday, May 11, 2000
Blogger accounts accessed so far: 4 (all with permission, of course). If you are the hoolahoop person, I couldn't publish any of the changes I made because you did not enter your FTP password (hey, I don't blame you). You can go to www.blogger.com to see the posts I added.
Someone (IP address 18.104.22.168) tried to send me their blogger cookie by clicking on the http://www.glish.com/cookies.html link below, but they had not logged on to blogger. If that was you, log on to www.blogger.com and try again.
[5/20/00 -- To the best of my knowledge, the security enhancements that the folks at Blogger made since being alerted to this problem have repaired this vulnerability in their system.]
I can edit your blog
To prove how serious the cookie hole in IE is, I have set up the following demonstration. You must be using IE, and have checked "remember me" when you logged on to Blogger, or have logged on (and not off) to Blogger in your current browser session.
- Go create a new account at http://www.blogger.com (unless you want me to mess with your real account), check "remember me" when you log on.
- Create a new blog, enter your FTP password if you want me to be able to actually publish changes I make.
- Add a blog entry that says you want me (Eric Costello) to add an entry to prove I was there.
- Go to http://www.glish.com/cookies.html.
I will get your cookie info and will soon have access to your blog.
I have confirmed this works by hacking into pixelpony's blog
In case you didn't know that Microsoft is irresponsible in their implementations of internet software (browsers, servers, you name it), here's a report of a security hole in IE that allows anyone to read cookies from any domain you have visited. That means that I, for instance, could read your amazon.com cookies, and if you have one-click purchasing turned on for your account, I could go and order some books for you. Thanks Microsoft!
Wednesday, May 10, 2000
Andre Torrez is doing some cool stuff with an XML file he pulls from blogger.com: Power Bloggers
Feeling ill? Check out these flowcharts for self-diagnosis from The AAFP Family Health & Medical Guide. Via torrez.org
Tuesday, May 09, 2000
Ouch! From Salon: RIAA 1, Napster 0
Napster's main argument -- that it is exempt from copyright infringement since no files ever pass through company servers -- may have boomeranged. As the RIAA argued in court, if no files pass through Napster, then Napster by definition is not a conduit and cannot qualify under the first safe harbor.
a very real security risk for users of Web Applications. Via Scripting.com
An excellent article for ASP developers from Asptoday with a refreshing angle: Beyond Mere Performance - Part 1: The Performance Issue
Here's an article on something I need to work on.
» Friend Message is like ILOVEYOU, but it deletes your system.
There's a new worm lurking based on the ILOVEYOU (a.k.a Loveletter.A) worm. Unfortunately, this worm is different enough to be considered a new worm.
Worm, worm. Worm.
» Digital Web Magazine - Tutorial: Preparing for standard-compliant browsers, Part 1. Digital Web offers no permanent links to current content, so this link will no longer take you to the article I want it to when they put up a new issue. I apologize on their behalf.
Carl Steadman in TheStandard: Take It and Leave It
Your next startup's investors can benefit from the mistakes you made with someone else's money, in the dubious hope that you're unlikely to repeat them. The only drawback: You'll have to try harder to fail better next time.
Monday, May 08, 2000
Here is the Bill Gates Time Magazine column I mentioned earlier: The Case For Microsoft
The DOJ scheme also effectively imposes a ban of up to 10 years on the addition of any significant new end-user features to Windows. New features must be provided on an a la carte basis and priced separately to computer manufacturers. Provisions like these would kill innovation in the OS--and impair the livelihoods of the tens of thousands of independent software developers who depend on constant innovation in the OS to make their products more attractive. Updates to Windows and Office technologies that could, for example, protect against attacks such as the Love Bug virus would also be much harder for computer users to obtain.
Hey Bill: if you could do something to protect users from viruses like ILOVEYOU (and you could), why the heck didn't you? You yacker. I'm prickly today, aren't I?
Matthew Haughey today confirmed that the davewiner account at Metafilter is indeed the real Dave Winer. I had decided I was duped by an imposter in this thread, which helped me make sense of the absurd comments made by davewiner. Now I guess I just think he is insane.
I did this site in early '96, when I was living in Brooklyn and considering trying to get freelance web work. I never actually finished it because Derek and I decided to start Schwa. Anyway, it was my first and last attempt at any sort of personal site before I started glish.com in March of this year. This is all just purely FYI.
My name is Eric Costello. Apparently there is another Eric Costello who happens to be an animation fan. He runs (ran?) The Warner Bros. Cartoon Companion which provides a whole lot of background information on the subtext and references found in Warner Bros. cartoons from the 30's to the 60's.
, in a Time magazine column I have not read, Bill Gates says that it will be harder to protect users from viruses if Microsoft is split up. Is that a prediction or a threat?
Is this accurate? Did everybody that got infected by ILOVEYOU actually have to go through that dialogue box, save the file to disk, then find and run the file? Can't we punish those people somehow? And I'm talking about more than a spanking. I'm talking about revoking computer privileges.
» Here's an in-depth look at the ILOVEYOU virus code. Via Metafilter
So have any of you San Francisco types paid a visit to Pac Bell Park? It sounds fantastic. I would love to hear your impressions.
» FLUX Interactive features EXACTLY the type of gratuitous Flash work that I dislike. When I click on a link, I want to get to wherever that link takes me, I don't want you to animate the process of me getting there. Oh, and I would like to include some of their lame ass interactive theory here, BUT IT'S ALL IN FLASH, so I can't copy and paste from their site. I will tell you that they totally misquote the old "if the only tool you have is a hammer, all problems begin to look like nails" aphorism to hilarious effect. Someone help save the web from crap like this.