Selling Out and Dumb Wi-Fi: Build Social Networks to Revolt, But Is That Enough?

January 10, 2007 · 7 comments

Smart Bro/Smart Wi-Fi logo. Hideous.

Interesting anecdote about a social network built as leverage against an almighty company before the term “social network” was even coined. Short story is that the company crashed, the stocks were no good, and the shareholders were outraged. So Ronald Lewis and his friends turned to the Internet and built XOShareholders.com, bringing together over 23 million worth of shares from 2,700 shareholders. More importantly, the news of this injustice spread even to the media. This was in 2001, way before Web 2.0 and one of its favorite buzzwords, social networking, were born.

Change gears—to the Philippines. One must ask, has anybody done something like that in this country?

The UP Department of Computer Science Holds Its First Alumni Homecoming

January 8, 2007 · 2 comments

The CS Firefox Coat of Arms

Twenty-six years since its creation, the UP Diliman Department of Computer Science (DCS) is finally holding an alumni homecoming on the 24th of February 2007 at its new home, the College of Engineering Library and Computer Science Building. (FYI, that building is right in front of the National Institute of Geological Sciences (NIGS) and the College of Science Library and Administration building.) Registration starts at 3, while the program will begin at 4pm.

You can read the invitation letter from Prof. Evangel Quiwa that’s been passed around to the alumni on Sir Rom’s blog. Actually, there are two more versions of the invitation letter: one reiterated by the Department Chair, Dr. Cedric Festin, and another detailing a very special surprise for the Department’s most-loved teacher—guess who! (I’ve already mentioned him here!)

WordPress XSS vulnerability in templates.php

January 3, 2007 · 6 comments

An important heads-up to all WordPress fans—that’s pretty much the whole blogosphere*, isn’t it? There’s been a recently-discovered security flaw with the blog software’s templates.php file. It’s called XSS, i.e. cross-site scripting, a vulnerability that permits malicious code injection into web pages.

David Kierznowski explains what part of the WP file is causing this:

When editing files a shortcut is created titled ‘recently accessed files’. The anchor tag text is correctly escaped with wp_specialchars(); however, the link title is not sanitised. Instead, it is passed to get_file_description($file). The only restriction or limitation here is that our text is passed through basename. This means standard script tags will fail when ending with ‘/’. We can get around this by using “open” IMG tags; this works under FF and IE.

In pseudo-English, that would mean:

WordPress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

TechBuzz lists all WordPress versions that are in danger of this exploit, but the short story is that unless you’re using 2.0.6, you’re not safe. And as far as I know that one hasn’t been released officially yet. It’s advised you patch the culprit file in the meantime. (Make sure to back those files up first!) WP 2.0.6 was released just yesterday. You might want to upgrade instead of patching.

* It’s so popular, in fact, that sneaky people are making money off of hinting at how you can use it to make your money. They obviously haven’t heard of WP’s support community.

Update: It’s templates.php, with an s. oKs this!
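
The flaw described in this post, escaping the anchor text but not the `title` attribute, is shown below beside its corrected form. This is an added example, not WordPress source or code from the quoted advisory: the function names, the `templates.php?file=` link format and the sample filename are assumptions, and PHP's built-in `htmlspecialchars()` stands in for `wp_specialchars()`.

```php
<?php
// Added illustration, not WordPress source. All function names are hypothetical.

// Stand-in for a description lookup that falls back to the base name.
function describe_file(string $file): string {
    $known = ['index.php' => 'Main Template'];
    $base  = basename($file);
    return $known[$base] ?? $base;
}

// Pattern from the post: anchor text escaped, title attribute left raw.
function recent_link_raw_title(string $file): string {
    $href = htmlspecialchars('templates.php?file=' . rawurlencode($file), ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars(basename($file), ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" title="' . describe_file($file) . '">' . $text . '</a>';
}

// Hardened form: the title is encoded for the attribute context too.
function recent_link_escaped(string $file): string {
    $href  = htmlspecialchars('templates.php?file=' . rawurlencode($file), ENT_QUOTES, 'UTF-8');
    $title = htmlspecialchars(describe_file($file), ENT_QUOTES, 'UTF-8');
    $text  = htmlspecialchars(basename($file), ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" title="' . $title . '">' . $text . '</a>';
}

// Parse the markup and list the attributes a browser would see on the link.
function link_attributes(string $html): array {
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('a')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed input: it contains no slash, so basename() returns it unchanged.
$file = 'notes.php" data-injected="1';

foreach (['recent_link_raw_title', 'recent_link_escaped'] as $render) {
    $html = $render($file);
    echo $render, ': ', $html, "\n";
    echo '  attributes: ', implode(', ', link_attributes($html)), "\n";
}
```

With the raw title, the quote in the filename closes the attribute and the link gains an attribute the template never wrote; with the escaped title, the link carries only `href` and `title`.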

What, No Holiday Post?

January 2, 2007 · 7 comments

A Neighbor's Fireworks

Still, a belated Merry Christmas and Happy New Year to y’all!

I seem to have been too distracted by other things to come up with a post for this blog. I do have some things in mind but they’re too short for full length posts, so I stared at my blog for several days and pondered on whether to install some sort of asides (side-blogging) feature. Obviously, I haven’t (I tweaked and added other features anyway). So I shall resort to what I usually do, and that is unload a bunch of disjointed topics in one go.

Adobe CS3 Program Icons: Alphabet Soup on a Color Wheel (And What They Mean)

December 22, 2006 · 27 comments

[Looking for the list of Adobe CS3 program abbreviations?]

Adobe Photoshop CS3 Beta Released

(A prelude.)

Let’s start off by announcing Adobe has recently made Photoshop CS3 Beta available for download. It’s free as long as you have a valid Photoshop CS2, CS2, Production Studio, Video Bundle, or Web Bundle serial number and the final Photoshop CS3 version hasn’t come out yet. Another caveat: no tech support is available for the beta.

All the details are given on the Photoshop CS3 page, including download instructions and system requirements—at least 320 MB RAM and 64 MB video memory!

New Adobe Creative Suite 3 Program Icons

Adobe Photoshop CS2

Adobe has been known to change branding strategies with every new version, particularly the logo and icon aspects. Take Photoshop for example. From versions 1.0 to 7.0 there was the ever-present eye in each of the whimsically conjured designs. But this was followed by a more nature-friendly feather concept starting with the two generations belonging to the Creative Suite.

For CS3, though, Photoshop and practically every other member of Adobe’s product line has adopted a drastically different icon scheme (mentioned here), sporting two letters of the product name on a soft-gradient-fill-ed square. The typeface details are in the postscript of this entry. The color of the gradient is the color the product is assigned to on the color wheel. In the case of Photoshop, it’s a nice, deep blue, around #2B75CC (according to ColorZilla).

The Alphabet Soup and The Color Wheel

The Periodic Table of Elements comes to mind—transformed into a color wheel using the polar coordinates filter! (Kidding.) Yes, it’s very disorienting.

Time Person of the Year for 2006 is You—Yes, You

December 20, 2006 · 3 comments

Time Person of the Year 2006: You!

This year, Time Magazine has named You as the Person of the Year. Yes, You, the publishers powered by the platform that is the World Wide Web.

The article begins by reporting that 2006 is the year we have realized history is no longer shaped by a few greats. Instead, we have witnessed a phenomenon concocted by the crowd, from people all over the world. Wikipedia and YouTube are cited as the prime examples of such revolutionary behavior.

But beyond speaking in awe of such a new, large-scale, worldwide trend brought about by advances in computers and the Internet—here the phrase Web 2.0 has since been thrown about—Time commends us for all the hard work we put into making the revolution a reality.

Beta Testings

December 17, 2006 · 8 comments

I’ve been dead lately and I’m sick right now. In the meantime, some first looks…

4 Beta Testing

With Gravatar’s Outage and Suckage, Should A New Avatar System Take Its Place?

December 5, 2006 · 35 comments

Perhaps more than a week ago, while browsing around my site, I found this shocking message in the comments section:

Suckage!!!

I really don’t know why something inside me told me the hacker-like message pointed to the Gravatar plugin installed on this site, but sadly, Googling around confirmed my suspicions. Apparently it was a debugging message for the Gravatars2 plugin.

…Getting no gravatar back from gravatar.com is very common. I removed the rogue “SUCKAGE” message that I had been using for testing. Oops. :) You can download the latest 2.5.3 release to get rid of that. It only shows up when the gravatar downloaded from gravatar.com should have been valid, but wasn’t (the reason for the previous emergency release)…

Putting a message like that may seem fun (in a geeky way obviously) when it’s for personal use only, but if you’re writing it inside code somebody else will see, and might possibly get scared of, don’t put it there! But then I guess this is no MP and we are not teachers who can scold you for such silliness. This is real life.
