afongen

Edd Dumbill: “All releases up to and including version 1.0 of XML-RPC for PHP have a serious security vulnerability, allowing hostile remote clients or servers to execute arbitrary code on your machine.” Update now.

I’ve been getting back into coffee, after a couple-year lapse. It probably started when I began my new job and a new ritual of walking to Dunn Bros. (on Grand) to grab a cup on the way to work. Too, a new shop’s opened up, another one that does its own roasting. Not bad so far.

What I really miss, though, is roasting and cupping. To some degree I’ve been able to enjoy some of that experience thanks to Michael, who’s had me over to try some of his espresso blends. Michael’s one of the very few people I know who understand espresso and enjoy it at the same level I do. He introduced me to Sweet Maria’s, and boy am I itching to start roasting again soon. They’ve got some truly excellent green coffee.

Wonderful weekend. We managed to do a bunch of vacation-like stuff this weekend, instead of just hanging around at home. It made for a very relaxing, heartening time.

This morning we went to the zoo to see the Meerkat exhibit. For some reason I have a soft spot for Meerkats. Cute little things. Cool exhibit, if smaller than I expected. There’s this tunnel that kids can use to climb into a clear plastic bubble right in the middle of the exhibit. Great fun.

I’m surprised that I haven’t said anything here about the SSSCA. Here:

The Register: Copy-control Senator sleeps while fair-use rights burn.

Wired: New Copyright Bill Heading to DC.

I don’t make a very good patriot. I’ve never much liked the “Star Spangled Banner” either. It’s alright as a poem and all, but it’s too hard to sing to be a decent national anthem and has never really had any emotional impact on me. At sporting events and graduations and such, I sit, unmoved, impassively ignoring the glares of those around me as they sing.

Tonight, though, something was different. Tonight I sat and listened as our national anthem was sung before a ball game. I watched the players’ faces on TV, I watched those around me, but most of all I listened. To the music and to the words.

And I cried.

Check out the HTML4.01 and CSS2 sidebars (for Mozilla/Netscape) on DevEdge. I’ll probably be using these all the time.

It’s looking like Apple may release OS X 10.1 next week. Much will be improved. If you’re a Mac user I recommend OS X . . . but not yet.

Mainly because the apps aren’t there. Microsoft plans to release its Office suite for OS X this November, for about $500 (!). That may more more than I’m willing to spend, but problem is there really is nothing better for the Mac. I really do like MS Word, and AppleWorks outright sucks. I might be able to work with StarOffice / OpenOffice once they’re ported to OS X, but I’m not sure about Kiara. We’ll see, I guess. There are other priorities. In the meantime, Office2001 is more than fine.

What I really want, of course, is one of these babies.

Quiet night. For the first time in a long time, I’m just kicking back. Listening to Sade, occasionally reading a Terry Goodkind book that my brother gave me but mostly just relaxing. It feels good. Maybe I’ll tackle some of the problems on this site tomorrow…

…but probably not.

CERT Advisory on Nimda.

And Nimda info from SANS.

I’m serious about this question: why run IIS? I’m not wondering why Windows, just IIS. What functionality does it bring to the table that makes the security risks worthwhile? If you have thoughts, please let me know.

Yep, a new worm. More info is available. It affects IIS web servers, of course.

Update: Microsoft’s posted a fix for IIS. Well, not so much a fix as a preventative tool: it filters requests based on the URL, according to a policy set by the administrator. Pretty useful-looking, that.

And still watch out for readme.eml when browsing the web, especially if you’re using Internet Explorer.

So tell me again why people run IIS?