Those darn Google Chrome compatibility issues…

image

Posted in Writing Comments

A new favorite: Strange GMail ads

image

I’ll admit, I think I know where AdSense went off the wire on this email thread, at least partly.  My writing group is trying to schedule our next critique session in emails under the title “Meeting Dates.” 

The line between nouns and gerunds can be ever so fine at times.  I have no explanation for the Sarah Palin and Bologna jobs board ads, just the Zambian dating auction site. 

Now I have to go Purell my hands.

Posted in Writing Comments

Help! I’m being infringed!

http://textiplication.com/2008/04/25/i-awoke-this-morning-with-a-resounding-phrase-in-my-head-2/

My dream has been stolen…

I’m not going to link to the page that copied it, because it’s not a nice page, and may in fact be evil.  Here’s what it looks like, though:

image

The link to ‘taxidermists’ goes to a quite fabulous page (that’s still not-nice and probably evil) intended to catch Google searches for “taxidermist.”

This lovely screenshot is a representative sample:

image

Imagine a hairy guy ranting the above words from atop a soapbox.

“Expedite my taxidermists! Damn it, expedite them!”

Posted in Writing Comments

This makes me ridiculously happy…

Paul Krugman wins Nobel Prize.

http://freakonomics.blogs.nytimes.com/2008/10/13/congratulations-paul-krugman/

Posted in Economics Comments

I hope that this comment doesn’t become typical of Google’s approach to Chrome security

From an interview at Google Blogoscoped with Google group product manager Brian Rakowski:

There are ways to make Chrome automatically download a file without the user confirming this (at least using Chrome’s default options). Don’t you consider that a potential problem?

On its own, downloading a file isn’t dangerous. It can be annoying if a site tries to download a bunch of files to fill up your hard drive, but there are other ways to do things like that and it hasn’t become a problem. The danger arises when an automatically downloaded file can be automatically executed. We’ve taken steps to prevent this in Google Chrome and will continue to make sure that this is the case.

This answer is incredibly disingenuous.

How about this comparison? Leaving your front door open is not inherently dangerous.  It’s only a problem if an attacker walks in through the open door and steals your stuff!

Is downloading a file inherently dangerous? Of course not, I do it all the time – when I want to! If Chrome can be fooled into downloading a file without the user’s permission – and it can – that means that an attacker can place malware onto your machine, and it’s up to you not to launch it.  Even if it’s named Spore.exe, and has a Spore shortcut on the Start menu linking to it. A Start menu shortcut is itself just a file.  Arbitrary file downloads are inherently dangerous.  You can’t say “It’s only dangerous if…” the file automatically gets executed, because it’s much easier to convince the end user to execute a file than it is to force it onto the end-user’s machine!

With decent security in place, that is.

BTW, this vulnerability calls into question the whole trust model that the comic book brags about on pages 26-27, don’t you think?

Posted in Geekiness Comments

Just finished watching the Tina Fey/Sarah Palin episode of Saturday Night Live…

And boy, are my arms tired!

The Tina Fey/Sarah Palin thing was not horrific, actually, for the most part, I guess.  But I’m not sure that it was a great idea for SNL to make a play for the attention of people like me, who haven’t seen SNL regularly since Joe Piscopo overwhelmed the show with his talent. 

Let me put this plainly.  Why would SNL do anything to attract this kind of attention when, how shall I say, the show sucks so bad? Shouldn’t they try to avoid attracting attention?  Isn’t the last thing they should want to do is get more people looking at them sucking so bad? They should be hiding.

Yes, I watched it at 8 on a Sunday night.  That’s always been a big problem with SNL, that it’s on so late.  That, and the sucking.  Oh, my tentacles and teeth!

Posted in Writing Comments

More Google Chrome security issues…

Zero Day is all over this, aggregating reports as they come in.

http://blogs.zdnet.com/security/?p=1858

Yes, Google calls it a beta, but everyone’s used to relying on Google’s beta products.  Chrome is, so far, behaving exactly the way you’d expect a brand-new browser to behave.  Although Google put a lot of good thought into the architecture, security is all about the implementation.  By writing this privately, without a lot of public oversight, they bought into this kind of launch – high publicity, high uptake, high risk.

Posted in Writing Comments

Wordle clouds of the four major candidates’ speeches…

Here’s Wordle, if you haven’t seen it before.

Not sure whether they tell you anything, but here they are:

Barack:

image

Biden:

image

McCain:

image

Palin:

image

Posted in Writing Comments

Wish I’d thought of that…

rmcore

Posted in Writing Comments

Google Chrome again…

Actually, I really like it. It’s way, way faster than Firefox 3 or IE7 or 8, for initial launches and individual page loads.
Though I made fun of the comic book, it does cover a lot more info than I remember Mozilla or the IE team ever releasing on the architectures of their browsers – and Opera? Forget it. They cover a lot of interesting points for the user, the developer, and the security guy. I’m impressed by all of it.

Google Chrome is, though, a web browser, which means that it is inevitably a huge and complex piece of software riddled with security defects. Since it’s new, we don’t know what any of them are, though! They are there, though, and they’ll jump out at us pretty rapidly.
Here’s one, via Zero Day and Evil Fingers.

“An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ’special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”

This is bad enough we’ll see it patched really soon. The problem isn’t just that a malicious URL can crash the browser, it’s the risk that the crash could lead to a stack overflow. They’re using ASLR – address space layout randomization – which makes that kind of attack harder to mount.

The second issue Zero Day cites was a big flaming red flag when it showed up in Safari – the ability of a malicious site to drop files onto the desktop. The Google proof-of-concept exploit may not seem as bad as the Safari carpet-bombing issue, since the user currently has to OK the desktop file save. Aviv Raff’s exploit is an interesting combination of old attacks on aging components incorporated into Chrome and a brand-new vulnerability fresh from Black Hat 2008.

SOOO…
I’d continue to use Firefox for your everyday casual browsing needs. Chrome won’t be safe for a while yet – no new browser could be. IE7 isn’t bad, and IE8 will be pretty good.

Posted in Geekiness Comments