I saw this post on the Facebook blog, and thought it was interesting. It seems too many people on all the different sites just want to try and get as many people as possible on their friends lists, not realizing the implications of doing so. In the entry she directly says "Friendship on Facebook is, in and of itself, a privacy setting." It's unfortunate that people don't realize this, and then when the view of it changes they get freaked about the information they're giving to all these people they don't trust. If you don't trust someone with all the info posted on there, why list them as a friend? If only they'd post this entry somewhere inside the system as a reminder to people (but then how many would read it?).
I realized that the new notes feature on Facebook pulling in an RSS feed references images at the original URL. For the non-techies, that means if you have an image in a post (say 1x1 "web bug" style) and someone looks at the note on Facebook, you see the request in your web logs. It just provides tracking, so not XSS like the other stuff that allowed changing profile data (which they fixed pretty quickly). I'm curious if they'll try to fix this one.
Most people have probably heard about the new stuff that Facebook implemented today, primarily since it seems everyone is talking out about it. I think it's rather funny how much it's freaked out people. Like they said in their blog entry about it, the information was already available. Yea, they made it so you don't have to go into as many places to find it, but they've had the API where anyone could compile the data already, and there you don't even get to remove your entries. Yea they could use a few more preferences to change display options (hide stuff from the feed you don't care about), but I think the changes are useful since you don't have to waste as much time on the site to see if anyone posted anything interesting - just spend 15 seconds looking at the feed.
I'm starting to think this is good if people get freaked out about this. Before I always figured they just didn't care about giving the information to everyone. It seems that people just really pay that little attention to the world around them and don't realize people could already track it all?
I happened to log in and notice they had a stats feature. Figured that could be interesting, so went there. The bottom stat says it all. The OC one is almost as high... The other two sorta fit in there well too.
Sometimes I just have better things to do than update. Like nothing. Sometime shortly after the last update things blew up at work. Then as soon as or shortly before one thing would be fixed something else would break. I don't really remember the order or anything anymore - the whole few weeks turned into a blur, with pretty much solid work and not much sleep. Things have pretty much recovered now, although there's still plenty to do, but at least I get to leave on time. At least most of the time. Tonight I get to take stuff down at 10pm, so I just stayed the whole time, spent a bit cleaning the office, upgraded one of our fileservers by 800GB (hot swap is so nice - it means I can get out of here sooner), and am gonna be upgrading the RAID card firmware and applying patches on an Exchange server in a bit. Such is life. I think I need to start planning some time to do something else though.
In case you haven't figured them out or been sent links already, I went to a couple weddings and have pictures up online. First is Betsy & Pete, second is Ross & Lindsey. There's also pictures from Ross' bachelor party up on the pics page. Other weekends included my brother's white coat ceremony for med school, and then one of trying to relax. This weekend I may see about wiring my house in anticipation of filling the attic with insulation due to the gas price thing predicted for the winter and insulation being on sale. I think I'll go 2xCAT-5, 2xRG-6QS, and 1xSCAT-5 to each plate, mostly one per room except for some big ones. I think that should cover things pretty well.
Movies have been somewhat lacking although there's been some good ones. Raadt and I have been taking advantage of the free redbox movies on Mondays in October to get some. I also have all the netflix, and Firefly courtesy of the JoeBuck. That's a sweet show. Much better than the 24 I had been watching. Other movies were The Hitchhiker's Guide to the Galaxy which was good, Hotel Rwanda which was also good, and Brazil which I thought sucked.
Today the aforementioned webmaster noticed the /. article on the MySpace XSS worm, leading to a discussion on it since he's just been working with AJAX interfaces and stuff. After the discussion about how they deserved it for pretty much ignoring stuff that everyone knew about, we started thinking about whether other places had vulnerabilities. Due to schdav's recent activity the one that immediately came to mind was facebook. We poked a bit but it seems they've actually locked it down quite decently (upon further review it appears they had vulnerabilities but didn't ignore them). There are some interesting things you can do related to certain actions such as collecting friends, but it's a more interactive process and not an exponential worm like samy's. Still should be an interesting experiment. Enough fun for the day though - back to work...
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)
