- Significant XSS attack against Apache used to steal passwords from admins and contributors, and to root internal work projects. XSS is not a trivial defacement attack when it can be used to compromise something viewable by an administrator and steal their session cookie.
Happy birthday, Mr. Jefferson
Thomas Jefferson was born 267 years ago, on April 13, 1743. Seventy-six years later he would lay the cornerstone at the University of Virginia.
I’ll have a few more thoughts later about Mr. Jefferson, UVA, and Founder’s Day, but for now two thoughts from the man himself:
Determine never to be idle…It is wonderful how much may be done if we are always doing.
Enlighten the people, generally, and tyranny and oppressions of body and mind will vanish like spirits at the dawn of day.
Zero day, yo
- And I quote, “Man, cousin, I'm about to put in the work,/assert authority. Administrative access: crack this./If your patches back in the past, this/0day gets you on a root trip. True crypt./Key file, I will keystyle shell code,/triple sevens all up on the ch mod.” Wack.
Adventure looking forward
Chris Baldwin’s brilliant comic (I won’t belittle it by calling it a “web comic”) Little Dee ended today. He’s been winding it down for months, so it’s no surprise that it’s over. What is a surprise to me is how resonant the ending is, even in its first two panels:
It’s tempting, as I start to see forty up on the horizon, to think that all my adventures and all the beauty are behind me. Weeks like last week, when my father-in-law was in and out of the hospital and I was forced by illness to withdraw from a Tanglewood Festival Chorus concert run that would have taken me to Carnegie Hall, seem to reinforce that thought.
But then I watch my family, and I catch my breath a little bit at all the beauty that is yet to come.
Grab bag: Foolishness, sputtering, and agendas
- Nice roundup of foolish Apple, Mac, iPad and iPhone punditry.
- Lies, damned lies, and statistics, or how claims that stimulus spending is biased toward Democratic congressional districts can be debunked by simply examining the relationship between the districts and what else is there (clue: state capitals!).
- An excerpt from Clay Shirky’s “The Collapse of Complex Business Models.” When you hear someone sputtering to defend their old business model, think about whether it means anything more than a failure of their imagination.
- Nice link to one of my favorite improbable typographic success stories. And the part quoted is even from before Jan Tschichold revolutionized the design of the line.
Spectating
- The old University of Virginia Magazine, later the Virginia Spectator, is on Google Books now with some issues dating back to the mid 19th century.
Ten years ago
Ten years ago, give or take two weeks, I posted my first permanent update on my Manila site, the web site that morphed into this blog.
Userland Software’s Manila was a hobby for me for a few months starting back in 1999. When I first got DSL (back when we still called it ADSL), it was new enough that no one really was clear about whether it was kosher to run a server from your house, and certainly new enough that Bell Atlantic (yes, this is before it was called Verizon) was filtering traffic upstream. So I ran an HTTP server on my Mac, using first personal web sharing and then Aretha to run a little web site.
Sometime later Dave Winer and Userland opened up EditThisPage.com, and I set up my own blog there, and that’s when it all took off. The site, originally hosted at jarretthousenorth.editthispage.com, was something I played with for a few months in early 2000. Then I went to B-school and stopped having time to play with things. Then I moved to Seattle for a summer by myself and had way too much time on my hands. And I started writing.
These days, I hardly have enough time to write at all, save for the occasional Glee Club history writeup. But I still think back to the technology that started it all, and I’m grateful to Dave for starting something big that turned into something big for me.
Should product management shield engineering?
- Interesting discussion about the role of product management at Gmail. Look at the comments thread for how this approach is received by customers.
Grab bag: Two turntables and a microphone
- I swore I was done buying clever tshirts, but I may have to buy this tshirt.
- ’cause you have to figure that those red light cameras are doing OCR on the images before they insert them into a database… and that the developer never anticipated that the result might be an injection vector.
- Nice illustrated guideline to mixing fonts.
- Roundup of reactions to the passage of the healthcare reform legislation.
- Interesting and useful roundup of Flash management tools.
- Helpful graphic and text laying out the impacts of the health care legislation on the insured and the uninsured.
- …Edward Tufte kills a kitten.
Stop, said God, holding his head
I am working this afternoon in my garage, having cleaned off the top of my workbench for the first time in recent memory. I find a cassette tape next to the workbench–the garage radio is the only one in the house that can play cassettes–and put it in. It’s the Virginia Glee Club and Smith College Glee Club at Smith, fall 1992. I listen to side B first—Smith sings the “Alice in Wonderland” songs by Irving Fine, a few other tunes, and then a reasonable joint performance of Bernstein’s Chichester Psalms. (Though I’ve never forgiven the Smith director for insisting that we use an alto soloist in the second movement instead of a countertenor.)
Then I flip the tape to side A. The Glee Club set that fall opened with a four-part meditation on the death of Absalom: Josquin’s “Absalon, fili mi,” the Sacred Harp tune “David the King,” Tomkins’s “When David Heard,” and our premiere of Benjamin Broening’s setting of “When David Heard.” In other words, a fine uplifting set. Then I heard—a hum. Some multi-tonal stuff going on. I go over and look at the tape liner notes. It’s “Time Piece.”
“Time Piece”! Written for the King’s Singers in 1972, it goes from polytonal to high comedy to low comedy. After a while, there are cuckoo clocks, roosters, and other vocal effects, and then C. J. Higley, bless him, as the voice of God, yells “STOP!” The chorus intones, “‘Stop’, said God, holding his head…” and then continues for another five minutes more. Total run time: about 15 minutes. The Smith chorus (and audience) were moved to laughter at more than a few points.
And then we wrapped up with another three-song set of spirituals.
I can’t imagine doing such a long guest set today. I also can’t believe that we only performed “Time Piece” twice (once during the Kickoff Concert that fall, once at Smith). But by springtime we were on to Young T.J. and a totally different repertoire.
Grab bag: Alex Chilton RIP
- Today’s daily WTF: a draft spec web API for zero-polling two-way communication in HTML and JavaScript. Because nothing says “cool” like having some server be able to ram data down to your browser unrequested. … Actually, scratch that. Nothing says “insecure” like having some server be able to ram data down to your browser unrequested.
- Executable file format hacking for fun and … profit? Seriously, if you’ve ever wondered how it’s possible to get self replicating code to be small enough to fit inside a single UDP packet (SQL Slammer, e.g.), now you know what some of the tricks are.
- Best Alex Chilton anecdote of all time.
- Memories of Alex Chilton.
- Great post and series of photos of the Massachusetts March flood.
- Another good voice is gone. I had hoped that there would be a day before he died that Big Star would be playing on everyone’s iPod. I guess that day is going to be tomorrow.
- A brilliant media put-on from Devo that reads like a lot of posts I’ve read on Pho recently.
- I find it interesting that very few of the anti-health-care folks I hear from online address the effects of the exchanges, or the tax cuts.
- Thought provoking survey of Eastwood’s career on the cusp of 80.
Alex Chilton RIP
I was startled and saddened last night to read about the passing of Alex Chilton, lead singer for Big Star (and the Box Tops). I came to the music of Big Star late, but became a full convert after arriving at the band via a Chris Bell recording. Big Star was really the band of the 2000-2009 decade for me in a way; I spent weeks with “#1 Record/Radio City” on repeat, put songs by the band on no fewer than 14 mix CDs, and posted a gushing love letter to the band on Blogcritics (where I was rightly remanded for my callowness).
It’s hard to believe he’s gone. I know he was a completely different artist after the first two albums–hell, even their third album is a completely different experience–but listening to “Give Me Another Chance” he seems like he should be immortal.
Other posts: Joe Gross on Alex Chilton’s passing; another link to an article about the recording of the classic Radio City album.
Eastwood at 80
- Thought provoking survey of Eastwood’s career on the cusp of 80.
New mix: Happy time
The aftermath of a big flood feels like the right time to publish my first mix in about six months. Happy time is one part of a two part mix. This time, I might not ever get around to part two, because it’s the downside of this mix, and I’m enjoying the happy side too much.
Track list:
- Finest Worksong (Mutual Drum Horn Mix) – R.E.M. (Eponymous)
- Reena – Sonic Youth (Rather Ripped)
- Moby Octopad – Yo La Tengo (I Can Hear The Heart Beating As One)
- Scared Straight – The Long Winters (When I Pretend To Fall)
- Hot Pants Road – The J.B.’s (Pass the Peas: The Best of the J.B.’s)
- I’ll Take You There – The Staple Singers (Best of the Staple Singers)
- Helicopter – M. Ward (Transfiguration Of Vincent)
- Beautiful – Paul Simon (Surprise)
- Cello Song – Nick Drake (Five Leaves Left)
- It’s Not the Only Way to Feel Happy – Field Music (Field Music)
- Thirteen – Big Star (#1 Record – Radio City)
- Hopefully – My Morning Jacket (At Dawn)
- Fistful Of Love – Antony and the Johnsons (I Am A Bird Now)
- No Man in the World – Tindersticks (Can Our Love…)
- Happy Time – Tim Buckley (Morning Glory: The Tim Buckley Anthology)
- People Got a Lotta Nerve – Neko Case (Middle Cyclone (Bonus Track Version))
- Sweet Thing – Van Morrison (Astral Weeks)
- Number Two – Pernice Brothers (Yours, Mine and Ours)
Commentary: Did R.E.M. record “Finest Worksong” with the horns in mind, or was it a cynical touch by some producer when it was time to release the single? It reads as a brilliant move, though, 22 years later. I’m of two minds about “Reena”–such a simple song for Sonic Youth–but the fact that I can’t get it out of my head two years on settles it for me. Ditto “Moby Octopad”, which is less a song than an extended riff, but no less brilliant for that.
“Scared Straight,” on the other hand, is a song, and a flipping brilliant one. And the horns alone are worth the price of admission. The horns also provide a great segue into “Hot Pants Road,” which makes a very nice segue into “I’ll Take You There.” A nice little singer songwriter set–“Helicopter,” Paul Simon’s “Beautiful,” “Cello Song”–follows, before we get into the psychosexual set of “Thirteen,” “It’s Not the Only Way To Feel Happy,” “Hopefully,” and “Fistful of Love” (and only Lou Reed could set up that song).
And then the last set. I won’t say anything about it, except that “Sweet Thing” may be the greatest single song ever. How was it that I missed out on Astral Weeks for all this time?
(Update: now on Art of the Mix.)
Flood time again
- It's been a wet day in the Boston area.