Month: May 2009 (page 1 of 7)

May = Suck

Huh. Not very productive on the blogging front here lately, am I? It’s been a sucky couple of weeks, actually. There’s been a lot going on at work, and I’ve had too many extra commitments happening on my weekends. My back hurts. The weather is cold. My stomach is playing up again. The cats have been waking me up too early. I’m just worn out.

That said, I finally got to have a nice, relaxing weekend. Friday night we went to Nilgiris in St. Leonards for Amy‘s birthday. That was fun! We had this way cool little private cushion room upstairs, and the food was excellent. Saturday the Snook and I finally made it over to the Eveleigh Farmers’ Market, where we battled hipsters for ingredients to make coq au vin. (The recipe is in the latest Delicious magazine; uses spatchcock instead of rooster.) I spent a great deal of both Saturday and Sunday working on a knitted vest for Andrew and Kathleen‘s new baby. (Congratulations, guys!) Tonight I went for a long 70min run around Glebe and Newtown, which was okay except for my back aching. We had our coq au vin (which was excellent). We finally picked out a contents insurance plan (spurred on by reports of recent burglaries). And now I’m really looking forward to bed.


We Are Married Too

We Are Married Too – a great new blog from my friends Matt and Christopher. I know a few other couples I need to send this to…

New nephew

Hooray! After more than a few false alarms, my new nephew Mason Anthony Howard was born a few hours ago. Sounds like everybody is doing okay. Congratulations to Ant and Kara!

Cross Stitch Cars

Cross stitch… ON CARS! That’s pretty neat. I’m still bitter that my Dad talked me out of stencil-painting my crappy car in high school.

Another baby

Judging by his post on Facebook, my brother Anthony and his wife Kara went to the hospital to have their second child about seven hours ago! Can’t wait to get the update…

Three Sisters Garden

Hm. I was all excited to plant a Three Sisters Garden (corn, beans, squash) until I read the bit about needing a minimum plot of 10′x10′ to ensure good corn pollination. Huh. I guess that’s why it pretty much sucked the last time I tried to grow it.

RunningBlog: Ramping Up

The Sydney running season is upon us and I’ve started to ramp up my training a bit. My ultimate goal is the Half Marathon at the Running Festival in September, so I’m using the 20 week training plan from that site. There are also a number of shorter races along the way this winter. First was the Mother’s Day Classic 8K I ran a few weeks ago. Next up is the Bay Run on August 2nd, a 7km run around Iron Cove Bay. I’m running it as a team with Shane, Tim, and Stef. The following Sunday will be the City 2 Surf, where once again I’ll try to break the elusive 100-minute barrier. I just have to talk the Snook into running with me…

This week: 22.39km (14mi)
Previous week: 17.41km (11mi)

One difficulty this year is some general lower back pain and stiffness. I think I injured it trying too hard on the rowing machine at Spudds. I’ve been to the physio last Wednesday and today, and she’s given me some exercises and stretches. A big part of it is my right hip being way too tight, as it was last year.

osCommerce Session Vulnerability

I’d just like to note for the sake of future Googlers that osCommerce has a huge whacking security hole in the way that it handles sessions. I found this on Saturday when the new Morris & Sons site launched and a fellow Raveler told me she was seeing “other people’s stuff” in her shopping cart. “Huh?” I thought. “That’s not possible.” Half a dozen people had tested the new site and not one of them reported anything like that. It was only after emailing back and forth with her and doing some digging that I discovered the problem. She was following a link from a recent newsletter, a link that happened to include a session id. I’d noticed a few links like that before but didn’t think it was a problem. “After all,” I thought, “surely osCommerce creates a new session when you come to the site anyway.” WRONG. It looks for the session in the link, and when it doesn’t find anything it RECREATES IT. Then if someone else follows the same link in the next 5-10 minutes, BAM. Two people with the same session. Huge, huge security hole. The solution ended up being pretty simple, in that I simply changed the site to require cookies for session handling. (I then tested and confirmed that two separate people following a link with the same session id end up with different session ids in their cookies.) Still, it’s a pretty big issue and it’s not well-publicised. The Snook was pretty livid when we figured it out. “The amount of fail in that implementation still amazes me,” he said. “The fact that I could invent a session ID, email it to you, and then snoop everything you’re doing on the site and get access to your account once you log in.” Yep. If you have an osCommerce install, lock it down, kids.
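To make the failure above concrete, here is an added toy model (constructed for this post, not osCommerce code, and written in Python rather than PHP) of the two session policies: the permissive one that trusts a session id from the URL and recreates it when unknown, versus the cookie-only one the site was switched to. The session ids, cart items and visitor names are all made up.

```python
"""Toy model of two session-handling policies (constructed example, not osCommerce)."""
import secrets


class SessionStore:
    def __init__(self):
        self.sessions = {}  # sid -> per-visitor state such as the shopping cart

    def new_session(self):
        sid = secrets.token_hex(16)  # server-minted, unguessable id
        self.sessions[sid] = {"cart": []}
        return sid


def handle_request_url_sessions(store, url_sid, cookie_sid):
    """Permissive policy: a sid in the link wins, and an unknown sid is simply
    recreated. Everyone who follows the same link shares one session."""
    sid = url_sid or cookie_sid
    if sid is None:
        return store.new_session()
    if sid not in store.sessions:
        store.sessions[sid] = {"cart": []}  # the "recreates it" step
    return sid


def handle_request_cookie_only(store, url_sid, cookie_sid):
    """Hardened policy: the URL is ignored, and only a sid the server itself
    issued (and set in a cookie) is honoured; anything else gets a fresh id."""
    if cookie_sid is not None and cookie_sid in store.sessions:
        return cookie_sid
    return store.new_session()


def simulate(handler):
    """Two visitors click the same newsletter link carrying a sid nobody was issued.
    Returns (first_sid, second_sid, second_visitor_sees_first_visitor_cart)."""
    store = SessionStore()
    link_sid = "deadbeef"  # constructed: an id that appeared in a mailed link
    first = handler(store, link_sid, None)
    store.sessions[first]["cart"].append("spatchcock")  # first visitor shops
    second = handler(store, link_sid, None)
    return first, second, "spatchcock" in store.sessions[second]["cart"]


if __name__ == "__main__":
    print(simulate(handle_request_url_sessions))  # same sid twice, True
    print(simulate(handle_request_cookie_only))   # two different sids, False
```

The cookie-only handler also refuses to resurrect a cookie sid it never issued, which is the property worth re-testing after any session-config change: two people following one link must end up with different ids.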

Congrats, Tracey!

Congratulations to Tracey and Regan on the birth of their daughter Jovie! But man, reading that birth story actually made me light-headed.

The Male Programmer Privilege Checklist

The Male Programmer Privilege Checklist. Wow, I found myself nodding along at SO MANY of those:

  • Not having to wonder whether you’re well-known in your community simply for being “the female one”.
  • The freedom to make mistakes or say stupid things without worrying about it getting added to the pile of “why women suck at computer stuff”.
  • If you’re married, having people take you to lunch without them speculating on how your spouse would feel about them taking you to lunch.
  • Having interests that are stereotypical for your gender without having to worry you’ll be taken less seriously because of it.
  • Having interests that are unstereotypical for your gender and getting seen as cool and progressive rather than freaky and asexual for it.
  • Not having to choose between dressing/acting stereotypically for your gender and being thought unprofessional (or not a Real Geek) for it, and dressing/acting un-stereotypically and being thought unseemly.
  • The freedom to switch to a less technical career without feeling like you’re betraying the cause of gender equality.

That last one floored me. I actually said that one out loud in a performance review last year. I knew that my heart wasn’t in development, but I felt this insane desire to keep doing something I didn’t enjoy because I wanted there to be some girls doing it. I wish my male friends in IT would read through that list and realize just how good they have it.