Wednesday, November 22, 2006

Whoa! Even Firefox Isn't Safe!

A new vulnerability, complete with exploit in the wild, has been logged against Firefox (the same exploit works against IE7).

This is a really bad one: Whenever you visit a site containing user-supplied HTML (such as, well, this one, for example), a page can be crafted to slurp your credentials for that site -- invisibly -- and send them off to wherever the phisher desires.

For example, if you have an account on Blogger, I may have already stolen your credentials if you click anywhere on this page! (I didn't. Honest.)

Basically the exploit fools Firefox's (or IE's) password manager into saying "Hey, I know the site this page is from, and we have a login for it, so what harm?"

Plenty, as it turns out.

Mad props to Slashdot for publicizing this one.
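
A check that a site hosting user-supplied HTML could run on submitted markup, given here as an added example that is not part of the original post: it flags any form that contains a password field and submits to a different origin than the hosting page. The function names, the `blog.example` and `collector.example` hosts, and the sample comment are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "https://blog.example/post/1"  # constructed hosting page
SAMPLE_COMMENT = (  # constructed user-supplied markup
    '<p>Nice post!</p>'
    '<form action="https://collector.example/save">'
    '<input name="user"><input type="password" name="pass"></form>'
    '<form action="/login"><input type="password" name="p"></form>'
)

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

class FormAudit(HTMLParser):
    """Record where each form holding a password field submits to."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None   # form being parsed, if any
        self.findings = []    # cross-origin targets of password forms

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._finish()  # a new <form> implicitly ends an open one
            # A missing or relative action resolves against the page URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self.current = {"action": target, "has_password": False}
        elif tag == "input" and self.current and (a.get("type") or "").lower() == "password":
            self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()

    def _finish(self):
        form, self.current = self.current, None
        if form and form["has_password"] and origin(form["action"]) != origin(self.page_url):
            self.findings.append(form["action"])

def cross_origin_password_forms(user_html, page_url):
    audit = FormAudit(page_url)
    audit.feed(user_html)
    audit.close()
    audit._finish()  # an unterminated <form> still counts
    return audit.findings
```

A site would reject or strip the markup whenever the returned list is non-empty; the same-origin `/login` form in the sample is deliberately not flagged.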

Friday, November 17, 2006

Bush in Vietnam: Lessons for Iraq here

According to an AP item on Yahoo! News, upon arriving Friday in Vietnam, Bush met with Australia's Prime Minister and said that the Vietnam war offered lessons for the struggle in Iraq.

I must admit my heart skipped a beat upon reading that. After years of denying that very premise, Bush finally admits what Colin Powell knew all along? The Vietnam debacle, he discovers, should have informed the disastrous decision-making about Iraq?

Not exactly. According to the Current Occupant, the take-away from Vietnam should be this: "We'll succeed unless we quit."

Well, dang. The man just takes your breath away, doesn't he?

Now I get it; the trouble with Vietnam was that we didn't try long enough (23 years from first U.S. advisors to withdrawal of last troops), sacrifice enough soldiers (58,000), drop enough bombs (15,000 tons just in the eleven days of Linebacker-II), or kill enough Vietnamese (literally God only knows, but certainly not less than a million died during the conflict, including some 65,000 North Vietnamese civilians whose deaths are plainly and simply at our door and no one else's).

You gotta wonder if the man is just an ironic comic genius, and no one but Laura knows it. If that's the case, we--the Iraqis, the U.S. military, the American public--are all paying too high a price for an admittedly hilarious show.

Wednesday, November 15, 2006

Whoops, Sorry, Wrong Flag

Via the Huffington Post, I learned about the Bush admin's latest international-relations gaffe: On the eve of Bush's trip to Vietnam, the White House web site touting the trip posted a graphic of Vietnam's flag.

Oh, sorry. The South Vietnam flag? What do you mean, the Vietnamese government will be upset? Isn't that the one the good guys flew? And they won, right? You know, the Iraqis...I mean the Vietnamese who...

Think Progress item on the flag flap
MSNBC item on Bush and foreign policy, noting the flag flap way down in the lower paras

Conceivably the Coolest Thing Ever

Think you can juggle?

Har har. No you can't. Neither can I. Unless you can do this, that is.

Monday, November 13, 2006

This Guy Knows From Flying!

I cannot imagine a truer portrayal of what flight really means:

Flash! Actual Sighting of Flying Spaghetti Monster!

In Germany, no less:

How's This for Irony: E-Voting Flaws Mar Race to Replace Katherine Harris

Katherine Harris, the scarily wacked-out former Florida Secretary of State who presided over 2000's voting debacle, has been summarily ejected from political life as she left her House seat to be buried in a Senate landslide.

Now, in the race to fill her vacated seat, obvious irregularities in electronic voting are casting the results into question. The Democrat lost by 373 votes, but some 13% of ballots cast in Sarasota County recorded no choice at all for the House seat, while neighboring counties showed rates of 2 and 5 percent. Several voters reported that their selection for the House race went unrecorded and they had to redo their electronic ballot; the stats imply that if the missing votes had in fact been counted, the Dem would have won by 600 instead of losing by 373. But of course, there is no record of the votes themselves, which have vanished into the electronic ether.

Hellooo? As Bruce Schneier as well as many others have pointed out, it's not enough to count the vote accurately; the public (and especially the losers) have to be confident that the vote was counted accurately. People tend to throw revolutions otherwise.

Tim Bray on PHP, J2EE, Rails as Competing Frameworks

Saw a link to this on Larry O'Brien's blog. Tim Bray delivers a good take on performance, scalability, and (Bray asserts, most importantly) maintainability of several of the major competing Web app technologies. Doesn't cover ASP.NET, though ("it isn't open source, so why would you use it?").

It's the Big Java Day: Key Java Tech --> Open Source

It's not exactly a surprise, but today's the day: Sun has officially released critical components of the Java platform to open source, including:
  • The Java Software Development Kit (aka the JDK)
  • The Java Platform Micro Edition for embeddable and mobile devices
  • The Java Enterprise Edition reference implementation

It's all under the GPL -- version 2.0, avoiding (for the nonce) the hysteria over GPL 3.0.

How fast do you suppose a Windows Mobile 5.0 edition of J2ME will be hitting the streets?

Think Your Mom's a Little Tough On You?

At least she doesn't rat your academic failures out to the media. The Register strikes again, this time at the UK National Health Service's Director General of IT.

Friday, November 10, 2006

Chilling Register Article on Data Mining

I can find nothing to refute here. Nothing that's brand-spankin' new, but the best treatment of the whys, wherefores, and imminence of the danger that I've yet read.

And of course, it's written in that signature El Reg style.

"I Have Nothing To Hide"

Thursday, November 09, 2006

Better Now.

OK. Thanks. I'm ready to reach out again. Be accommodating. Never flip the bozo bit.

Saw Science of Sleep last night. I think I liked it, though Eternal Sunshine was considerably easier to follow (and if you've seen that movie, you know that's going some!). SoS, of course, is all about a guy whose dreams and waking life pervade each other in disturbing and disorienting ways.

So I was in panic this morning until NPR clicked on. Whew. Yep, Rumsfeld's still gone.

Wednesday, November 08, 2006

Time For Bipartisanship and National Reconciliation...


I've been having fun waggling my fingers in my ears to every Republican I pass today:


Although Pelosi assured listeners just before the election that hearings and impeachment were not on the top of the Democratic agenda should they win the House, she was asked earlier to comment on the biggest change that might result from a Democratic win. Her answer should chill Karl Rove right down to his testicles today:

"Subpoena power."

You know, it's not just that Bush's gang are -- well, maybe "fascist-wannabe thugs" is a little too inflammatory, how about "wise and concerned statesmen"? -- intent on turning the U.S. into a banana republic, complete with:
  • Torture chambers (Guantanamo, Abu Ghraib, extraordinary rendition)
  • Imprisonment without trial (for any "enemy combatant", whether a US citizen or no)
  • Orwellian lies ("we've never been about 'stay the course'")
  • Pervasive surveillance (warrantless wiretaps, Total Information Awareness)
  • A looted treasury (anyone remember the budget surplus the last guy left?)
  • Not to mention their very own legally untouchable El Supreemo.
It's that they were so blindingly incompetent (Katrina, FEMA, DHS, TSA, cutting the military success in Afghanistan off at the knees in order to botch Iraq beyond saving, and wrecking the Army in the process) and still got away with it for so long!

Well, they'll still get away with murder. But one hopes that some of the fun will be gone now, as they're forced to look over their shoulders all the time.

Yeah, yeah, I know, we'll have to work with the red folks to get anything done. Just give me this one day, OK? We've been verbally spat on and had decorated wounded war veterans in our ranks accused of cowardice by gutless wonders who pulled strings to stay out of harm's way, and blamed for the actions of nuts that put even Robertson and Dobson to shame for six long years. Before we put the liberal nice face back on, just give us one good swing. Take that wid' ya, Rummy!

"You Don't Really Want A Prius", says Dave Barry

Instead, says his blog, you want this: a 1957 Chevy whose entire passenger compartment is a built-in hot tub.

I have to admit, for sheer environmental chutzpah, this is pretty much where it's at. Although I'm unclear on how the pedals work. Sure, a rollover would first eject you and then drown you, but how in heaven's name could you get it to roll over in the first place? I visualize this unstoppable behemoth flattening Tahoes, punching through brick walls, removing entire buildings from the face of the earth in the event of an accident. But roll over? Never.

Hmm. There's probably a really good riff on the Republican Party in there somewhere.

News Flash: Prehistoric Canadians Invented the iPod!

From The Register (their copy is worth reading, though the picture is damned good by itself). Chalk up another one for Google Earth.

Tuesday, November 07, 2006

Uh-oh. The folks that almost killed the BlackBerry are suing...Palm.

I do not pretend to know the merits of NTP's celebrated court case against Research in Motion. On the one hand, a tiny company whose only assets were patents granted to a now-deceased inventor, who had by all accounts worked hard and never got much for his ideas. On the other, a hugely successful technology company who'd built a popular product line.

The undisputed facts from that case are these: NTP won a ruling in Circuit Court and subsequently in the US Court of Appeals that RIM had infringed their patents. RIM settled -- The Register says $450 million, the Seattle Times says $612.5 (!) -- and continued in business as a licensor of NTP's patents.

Now Susan Decker of the Bloomberg News, in a story published in the Seattle Times, reports that Palm is next in NTP's sights. NTP says licensing talks with Palm have failed, and that they have filed suit.

According to the story, the patents themselves have actually been rejected by the USPTO, and are under appeal. Until the outcome of that appeal, goes the legal theory behind the lawsuit, the patents are valid.

Marine Corps Times says Rumsfeld should go

Whoa. It's not exactly the official jarhead position, but this ain't the Village Voice, either:

Is This A Great Country or What?

With Thanksgiving coming up, it's appropriate to think, calmly and clearly, about loading our shotguns with seasoning-pellet shells and killing some birds. Saves on prep time, no lead in the environment, and you don't break your teeth on a pellet! What could be better?

You think I'm kidding, don't you?


Monday, November 06, 2006

What It's About Tomorrow

Two of my favorite columnists select eerily similar constructions to highlight why the Republicans are forecast to take one in the teeth tomorrow.

Leonard Pitts, in an open letter warning the Dems not to get complacent about their intrinsic wonderfulness if they win tomorrow:
If you win, it's because of Mark Foley and Terri Schiavo and Randy ''Duke'' Cunningham and Donald Rumsfeld and George W. Bush and Jack Abramoff and Rush Limbaugh and Ann Coulter and Dick Cheney and Hurricane Katrina and 2,800 dead soldiers and because, as my mom used to say, enough is enough and too much stinks.
And Molly Ivins:
May I remind you what this election is about? Abu Ghraib, Guantanamo, unprecedented presidential powers, unmatched incompetence, unparalleled corruption, unwarranted eavesdropping, Katrina, Enron, Halliburton, global warming, Dick Cheney's secret energy task force, record oil company profits, $3 gasoline, FEMA, the Supreme Court, Diebold, Florida in 2000, Ohio in 2004, Terri Schiavo, stem cell research, golden parachutes, shrunken pensions, unavailable and expensive healthcare, habeas corpus, no weapons of mass destruction, sacrificed soldiers and Iraqi civilians, wasted billions, Taliban resurgence, expiration of the assault weapons ban, North Korea, Iran, intelligent design, Swift boat hit squads, and on and on.
There's a lot at stake at the national level, and here in Wisconsin we've a chance to drive home the same point on a scale that's no less important for being local. (Remember, the prohibit-gay-marriage abomination is on the back of the ballot! If you don't flip it over, you miss your chance to play Smack The Bigot!)

11:51 CST: Updated to add the following, from a Steve Young item on The Huffington Post:

No WMD, Donald Rumsfeld, Vice President Cheney,Katrina, Brownie doin' a heckuva job, insulting Medals of Freedom, Paul Wolfowitz, Tony Snow, 655,000 dead, 2900 dead American soldiers, war as "comma"; a "nanosecond," Dubai Ports, Big Oil energy policy, pharmaceutical lobby writing pharmaceutical legislation, outing a CIA Agent, cutting veterans' benefits, sending our the troops into harm's way under-equipped, losing billion$ meant to rebuild Iraq, sending unqualified bureaucrats to Iraq ONLY because they were Republican, losing hundreds of thousands of weapons in Iraq, which will be used against us, sending other family's children into war, but not their own, not taking the advice of generals, but blamed them for the problems in Iraq, courting the religious right, then flipping them off, borrowing trillions from our children's future, calling the Geneva Conventions "quaint," ignoring a series of secret war games in 1999 that anticipated an invasion of Iraq would require 400,000 troops, and even then chaos might ensue, Terri Schiavo, Bob Ney, Tom DeLay, Duke Cunningham, Jack Abramowitz, Mark Foley, blah-blah-blah AND "Mission Accomplished."

Friday, November 03, 2006

How To Steal An Election

Simply terrific article on Ars Technica on e-voting. It's at least as bad as the paranoids (hi, Phil!) thought. If you don't want to slog through all the technical detail, the article links to a completely hilarious Daily Show segment (Glory, you're right--they are doing the real news on that show) that wraps it up for you in a couple of minutes. If you don't have a couple of minutes: The state of Maryland held a fake election and challenged a security firm to steal it. The security firm found the tabulation system by wardialing, busted in, changed the results in a way that was not detectable, removed traces of their break-in, and boogied -- in five minutes.