Below are the 10 most recent journal entries recorded in the "Alierak" journal:
[<< Previous 10 entries]
LJ login alerts|
Woo, thanks LJ, for alerting me 100 times that some guy has logged into my account from my IP. But this last one takes the cake:
We noticed that someone authorised into your LiveJournal account with a new
device. Detailed information about this authorisation:
Internet service provider: [ISP]
IP address: [ip]
If it was you, than everything is fine and you can skip this message.
Current Mood: annoyed
Stopped to take some pics in the middle of my 50-mile commute:
Current Mood: chipper
You may have noticed it's been a while since I posted anything here. There's a reason for that. In February I got busy participating in the Livejournal XSS Contest
It bugs me that winners of the contest aren't publicly announced or credited, so it's not much of a contest. It also bugs me that I submitted four additional XSS vulnerabilities, three of which were never acknowledged and none of which have been fixed afaik. I don't think I ever received a fourth permanent account, either, and theoretically I might be due a total of seven. To "submit" a vulnerability, you send private email to Brad. Yeah. I suspect he puts them in the security queue in RT, but there's no way to check. Meanwhile permanent accounts have been losing value through LJ changes such as introducing ads, giving away paid features to ad-sponsored users, etc. So anyway, my trust in LJ hasn't been at its highest levels.
But given that my friend xb95
is going to be starting to work on LJ again, I figure it's probably all going to be okay. Now, what should I do with that half-formed post about my experience with the LJ XSS contest? Is four months enough to resort to public full disclosure, and do I dare toy with the ToS?
How should alierak describe LJ XSS vulnerabilities that have been fixed?
in full detail
To whom should alierak describe LJ XSS vulnerabilities that have been fixed?
How should alierak describe LJ XSS vulnerabilities that have not been fixed?
To whom should alierak describe LJ XSS vulnerabilities that have not been fixed?
(Yup, this poll was brought to you by my upgraded account)
Tags: lj, toys
my weight-loss diet|
I've been meaning to finish this up and post it for a good while now. Despite the subject and time of year, this isn't a New Year's resolution post. I started my weight-loss diet in October and have pretty much reached the point where I can declare it a success and write about it in case it will help anyone else out there.
Why I started a diet:
Now that I'm doing it, of course, I can come up with all kinds of good reasons to stick with it, not the least of which is that I want to be sufficiently in shape to keep up with Will while he's crawling around the house. I want never to have to contemplate buying any larger size jeans. As a father, I want to be there for my son when he's my age and to set a good example for him. Et cetera. But apparently no reason of this type was enough to get me started.
Things changed sometime in mid-October when I stepped on my parents' digital scale to weigh first myself, and then myself + Will in order to get a reasonable estimate of his weight. I was shocked to see the scale read 213 before I even picked him up. I'd thought of myself as significantly overweight at 200 for the last year or so, remembered being uncomfortable at 180 when I gained 30 pounds back in college, but 213? Yikes! I must've been gaining a pound a week since we moved in August. That scale reading immediately scared me into eating less, and put me in the right frame of mind to start a diet for real.
Then, I ran across this Boing Boing post
and started to read and follow The Hacker's Diet
right away. With a name like that, how could it fail to get my attention? I'd never really dieted before, but what the heck. The guy went to all the trouble to write the book and put it on the web. It couldn't hurt to give it a read.( How it worksCollapse )
In the time since I bought the scale, I've definitely lost over 20 pounds (max reading = 196.5, most recent reading = 174.0). Extrapolating to the start of the diet, I must've started out around 205 or so and lost about 30 (my scale doesn't agree with my parents' scale due to the different time of day, amount of clothing, etc.). I've gone from tight 40-waist jeans to comfortable in a 36, and I fit into large t-shirts again as opposed to only XL. I'm breathing more easily and have lots more energy, partly due to exercising. The most unexpected effect is that I have my singing voice back! When I was eating more, and eating more fat, I often had the unpleasant sensation of gunk in my throat. (Though, as I'm finally about to post this, I'm eating 1800 calories a day and sometimes feeling the gunk).
Anyway, here are some nifty graphs
. Note the calorie numbers for today are off because I haven't had dinner yet.
Current Mood: pleased
Tags: books, food, health
Ok, everyone can now feel free to continue signing up email@example.com for all those spam lists. The account no longer exists. The password for the nonexistent account, should you require it, is "a3nadotdie", a brief commentary on the account's status as cruft and a slight play on the hostname below.
% ssh athena.dialup.mit.edu
Received disconnect from 18.104.22.168: 15: You are not allowed to log in here: Unknown username
Does that strike anyone else as a bit of a security hole? I mean, giving away the validity of a username?
See also earthdragon
Current Mood: amused
not a bad Friday the 13th|
Let's see, I got stuck on one of the newer green line B trains for a while because the doors wouldn't shut / sensors failed to detect manual closing of the doors / train wouldn't move when it thought doors were open / driver had to reboot the train a couple times. After she was done yelling at her boss on the radio, at least, we got to blow through half the stops, but yesterday morning's bank errand ended up taking a total of about three hours. Meanwhile I forgot to call yakshaver
and tell him I'd be late or get him to rescue me from the evil train.
Cow-orkers (ok, siderea
) decided to deploy the new corporate website because "everything's been going so well today!", so I said to keep it away from me. They didn't; I pointed out that the deployment was going to break a bunch of unrelated sites. But hey, free champagne.
and I went over to his place for hamburgers, and for the first time I got to play actual poker with real chips and cards against human opponents (incl. his housemate Dan who was a fellow Random back at MIT). Turns out I don't suck very much. We didn't play for money, just heaps of poker chips so it was all in good fun. I hadn't played with rebuys before (after you get knocked out, you grab a new stack of chips from the bank), and that made it harder to dominate the table. A player with a dwindling chip stack gets knocked out, and suddenly they've got significant leverage again. But I think I kept the lead the whole time.
I think if I'm going to play much real-world poker, I've got to learn to control my heart rate. On the first hand dealt, I ended up with a full house and was sure I'd give it away with the adrenaline rush.
Woot. It's raining out, and we're about to try to go see the Star Wars exhibit at the museum of science. Tomorrow it'll be colder and snowy, and maybe I'll want to do some outdoor tourism involving the freedom trail.
I'm flying to Boston in a few days to give some cluedumps at work. In case anyone there cares, I'll be flying up on the 10th and back on the 18th.
Current Mood: good
Tags: travel, work
If you are writing C, do feel free to use the full ANSI features -- including function prototypes, which will help you spot cross-module inconsistancies.
on the same page
, esr also writes:
Run a spell-checker on them. If you look like you can't spell and don't care, people will assume your code is sloppy and careless too.
Sounds about right to me...|
This pretty much agrees with where I grew up and where I've lived for the past decade...
Your Linguistic Profile:
60% General American English
0% Upper Midwestern
Oh, yeah, forgot to post about this. After I went out and took my "long exposure" photochallenge shot (here
), I was googling for info on the kinetic sculpture at Porter Square. Obviously the first hit was the MBTA website which had the info I wanted. But the second hit was some random guy's photo gallery, where I decided to look around. The guy lived off Somerville Ave at some point, between my apartment and the T station. Nothing out of the ordinary there, people who live near the sculpture take the occasional picture of it.
But imagine my surprise when, browsing his gallery, I found a picture
and myself, taken in Portland, OR...
Tags: odd, photos
[<< Previous 10 entries]