A Dutch oven is a fart chamber created by pulling a blanket over someone’s head and farting. The phrase is a slang description based on the cooking action of a Dutch oven where food is cooked and steamed inside a closed chamber. Performing a Dutch oven creates an area of smelly gaseous air in an enclosed space that must be breathed in. This is done as a prank or by accident to one’s sleeping partner. (via Shane Vigil)
L'esprit De L'escalier or "what I should have said" -
L’esprit de l’escalier or esprit d’escalier (stairway wit) is thinking of a clever comeback when it is too late. The phrase can be used to describe a riposte to an insult or any witty remark that comes to mind too late to be useful—when one is on the “staircase” leaving the scene of the encounter. The phenomenon is usually accompanied by a feeling of regret at not having thought of it when it was most needed or suitable. The French encyclopedist Denis Diderot originally described this situation in his Paradoxe sur le comédien. (via rednotebook)
A Darwin Award is a tongue-in-cheek honour named after evolutionary theorist Charles Darwin. Awards have been given for people who “do a service to Humanity by removing themselves from the gene pool” (i.e. lose the ability to reproduce either by death or sterilization in a stupid fashion). According to Wendy Northcutt, author of the Darwin Award books: “The Awards honor people who ensure the long-term survival of the human race by removing themselves from the gene pool in a sublimely idiotic fashion.” The Darwin Award books state that an attempt is made to disallow known urban legends from the awards, but some older “winners” have been ‘grandfathered’ to keep their awards. Despite claiming veracity as a requirement, however, most submitted stories are not verified against reliable published sources, and many of them are fictional.
The Dunning–Kruger effect is an example of cognitive bias in which “…people reach erroneous conclusions and make unfortunate choices but their incompetence robs them of the metacognitive ability to realize it”. They therefore suffer an illusory superiority, rating their own ability as above average. Stephen Colbert, a talk show character played by actor Stephen Colbert, exhibits a confident and unaware ignorance typical of the Dunning-Kruger effect. (via @philellwood)
The Register - Another Twitter Vulnerability -
For the past 24 hours, Twitter engineers have been fighting a gaping hole that makes it easy for hackers to hijack the accounts of users who do nothing more than view a booby-trapped message.
So far, the hole is winning.
The XSS, or cross-site scripting, bug resides in an application programming interface Twitter provides to makers of dedicated software that works with the service. The hole makes it trivial to bypass protections that prevent user-supplied JavaScript from being served on the twitter.com domain. After Twitter claimed to have fixed the vulnerability Tuesday, security researchers quickly figured out a new way to exploit the weakness. At time of writing, it remained wide open.
The bug was first reported by blogger James Slater in a post that demonstrated it could be used to run arbitrary code on the machines of people who did nothing more than view a booby-trapped tweet. Once viewed, the message pulls down the JavaScript that, if users are logged in, has the potential to change profiles, post tweets and steal authentication cookies.
“With a few minutes work, someone with a bit of technical expertise could make a Twitter ‘application’ and start sending tweets with it,” Slater wrote here on Wednesday. “Simply by seeing one of these tweets, code can be run inside your browser impersonating you and doing anything that your browser can do.”
The bug is the latest to highlight weaknesses in the Web 2.0 service used regularly by millions of subscribers. This time around, attackers are abusing an API that makes it simple for people to write stand-alone applications that send and read messages delivered over Twitter. The interface reserves space in each tweet for the name of the application. Slater showed that the box can be used to invoke potentially harmful JavaScript that Twitter has taken pains to block in other parts of its service.
“That’s a pretty big oversight,” said Jeff Williams, CEO of web application security firm Aspect Security. “It’s not uncommon when companies move from web services to APIs. They don’t take the same level of security scrutiny and apply it to the interface.”
Slater put it a little more forcefully. “Twitter made one of the most basic mistakes in developing web applications - never blindly trust data that is provided from the outside world!” he wrote. “Their form did no - or some very, very basic - checking on what you enter in the box.”
Twitter’s first stab at fixing the bug involved code that invalidated any links in the box that contained spaces, said Aviv Raff, a researcher whose recent month of Twitter bugs spent 30 days documenting more than 50 vulnerabilities affecting the site. Like Slater, he was able to bypass the fix by including URLs that contained no spaces.
“Not so smart [a] way to fix a vulnerability,” he said.
What that means is that if you use many web browsers to view Twitter, it’s possible, at least at time of writing, for someone to change your profile settings, send a message to all of your followers that appears to come from you or to steal cookies Twitter uses to help authenticate you. People who use third party apps to view tweets are less vulnerable, as are those who use Internet Explorer 8 and Firefox with the NoScript plugin. (In this case, a test account we used was successfully attacked using the latest version of IE, and Raff says NoScript isn’t likely to fare any better.)
The alacrity Twitter showed in trying to fix the bug suggests its security team is getting more serious about fortifying the heavily trafficked site. And for that, they deserve a pat on the back.
But the failure shows the team still has work ahead of it.
It’s also worth mentioning that many of the third-party applications used to send and receive tweets remain woefully insecure, according to Raff, who said a dozen or so of the bugs he discovered remain unpatched. They reside in apps such as HootSuite, TweetGrid, tr.im, TweetDeck and Twhirl. The common denominator among almost all of them: the Twitter API.
The API is so “easy to implement, that even novice developers can use it,” he told The Register. “Which means that insecure apps are being developed.” ®
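An added example, not part of the Register article or Twitter's code: it contrasts the reject-if-it-contains-a-space fix the article describes with output encoding plus a URL scheme allowlist. It assumes the application name and URL are rendered as a link next to each tweet; all function names and sample inputs are constructed.

```javascript
// Added example; function names and sample inputs are constructed for illustration.

// Weak fix as the article describes it: reject only URLs that contain a space.
function weakFilter(url) {
  return !/\s/.test(url);
}

// Escape the five HTML-significant characters for text and quoted-attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Allowlist: accept only absolute http(s) URLs, parsed rather than pattern-matched.
function safeUrl(url) {
  try {
    const u = new URL(url);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (_) {
    return null; // relative or malformed input is rejected
  }
}

// Render the application label that accompanies each tweet (assumed layout).
function renderSource(name, url) {
  const href = safeUrl(url);
  const label = escapeHtml(name);
  return href
    ? `<a href="${escapeHtml(href)}" rel="nofollow">${label}</a>`
    : label; // no link at all when the URL fails the allowlist
}

// Constructed inputs: none contains a space, so the weak filter accepts all of them.
const samples = [
  { name: 'ExampleApp', url: 'https://app.example/' },
  { name: 'ExampleApp', url: 'javascript:void(0)' },
  { name: 'ExampleApp', url: 'https://app.example/?q="x"' },
  { name: '<b>ExampleApp</b>', url: 'https://app.example/' },
];
const results = samples.map((s) => ({
  weak: weakFilter(s.url),
  html: renderSource(s.name, s.url),
}));
```

Every sample passes the space check, while the hardened renderer drops the non-http(s) link and encodes markup and quotes so the field stays inert text.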
g10:
So the new Canon G11 has been announced and people are looking - including me! But I have been carrying the G10 in my pocket for the past year or so and it has gotten to be a habit to grab my keys, wallet, a quarter (gotta have some cash) and the G10. Without it now I don’t feel dressed.
Having a camera with you at all times is the beginning of the essence of the old Leica cameras. Probably on the list of the best cameras ever made even on a really short list of 5 cameras. It is a legend in its own time, and in a lot of our minds.
Read more: ProPhoto Home
A cat piano or Katzenklavier is a musical instrument that consists of a line of cats fixed in place with their tails stretched out underneath a keyboard. Nails would be placed under the keys, causing the cats to cry out in pain when a key was pressed. The cats would be arranged according to the natural tone of their voices. The instrument was described by German physician Johann Christian Reil for the purpose of treating patients who had lost the ability to focus their attention. Reil believed that if they were forced to see and listen to this instrument, it would inevitably capture their attention and they would be cured. (via @pgl)
Google and Apple clash as US officials investigate iPhone -
Principle of Evil Marksmanship -
The Principle of Evil Marksmanship (also known as the Stormtrooper Effect) states that enemy marksmen in action films are often very bad shots and almost never harm the main characters. Imperial Stormtroopers in the original Star Wars trilogy, despite overwhelming numbers, professional military education and training, full armor, military-grade firepower, and noticeable combat effectiveness against non-speaking characters, were incapable of seriously harming or indeed even hitting the film’s protagonists.
Sky Tower - Sydney