Moonrise Kingdom

   19 July 2012, early morning

Moonrise Kingdom was great. I was pretty disappointed with Wes Anderson’s last (live-action) film and was really hoping this one would be good. The trailer hit all the right notes. I love Ed Norton and Bruce Willis. Surely this had to be good? And it was. The weird stilted dialog you often find in Anderson films is ever present in this one, perhaps even more so. That’s the only thing I found grating about the film. Otherwise it was a sweet tale of young love and adventure. It’s zany, of course, but that’s to be welcomed and expected. You should definitely watch this.

The official Moonrise Kingdom website.

Opt-In Security

   11 July 2012, early afternoon

If you are using Hudson/Jenkins you might want to review this article by my coworker: The Operational Reality of Opt-In Security Controls.

This has been a topic of much discussion in my office for the last couple of weeks. My co-worker, unaware of what Jenkins and Hudson were all about, thought he had found a pretty crazy exploit while doing an assessment. It turns out what he had actually found was a poorly configured instance of Hudson. Responses to his outreach have been mixed, to say the least. The people behind Hudson and Jenkins feel this isn’t a problem for them to solve. They provide a guide to harden your install, and feel it’s up to their users to ensure they deploy things properly. (This is similar to the attitude Rails developers took to their mass-assignment bug.)
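To make "poorly configured" concrete, here is an added self-audit script (not from the post, the linked article, or the Jenkins/Hudson project) that checks a Jenkins/Hudson config.xml for the opt-in security settings that a hardened install turns on. The element names and class values follow the config.xml layout as I know it, and both sample files are constructed; run it against your own JENKINS_HOME/config.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Jenkins/Hudson config.xml left at its opt-in default,
# i.e. security never switched on. Element and class names are an assumption
# based on the config.xml layout, not content from the post.
INSECURE_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>
"""

# Constructed sample: the same file after following a hardening guide.
HARDENED_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
</hudson>
"""


def audit_config(xml_text):
    """Return a list of findings; an empty list means security is switched on."""
    root = ET.fromstring(xml_text)
    findings = []
    # The master switch: everything below only matters once this is true.
    use_security = root.findtext("useSecurity", default="false").strip().lower()
    if use_security != "true":
        findings.append("useSecurity is not true: anonymous users get full control")
    # Who may do what once logged in.
    strategy = root.find("authorizationStrategy")
    if strategy is None or "Unsecured" in strategy.get("class", ""):
        findings.append("authorizationStrategy is Unsecured or missing")
    # Where accounts come from; with no realm there is nothing to log in to.
    realm = root.find("securityRealm")
    if realm is None or realm.get("class", "").endswith("SecurityRealm$None"):
        findings.append("securityRealm is None or missing: no login is required")
    elif realm.findtext("disableSignup", default="false").strip().lower() != "true":
        findings.append("self sign-up is enabled: anyone can create an account")
    return findings


if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg) or "OK")
```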

Using Google, he ended up finding misconfigured automated-build servers all over the Internet. (You’d actually be surprised and/or terrified by some of the people who had exposed their servers in this fashion.) He’s been sitting on this post for ages, waiting for people he has notified to get back to him on whether they have secured their install or not. For every person who replies promptly with a thank you, there are probably two people who don’t reply at all or who quietly fix their install and pretend he never got in touch.

I suspect one reason people simply go the no-warning, full-disclosure route when they find vulnerabilities isn’t because they are trying to be malicious, but simply because it’s the path of least resistance. I suppose this is why patience is an important attribute for a good security professional.
