Javascript Exploit Fixed on All OS’s … Except Mac OS

I’m not sure if I divulged this, but I am an avid Mac OS fan. No, I’m not the creative type, but most of my computer knowledge was done via Mac. My very first Mac was a Mac Plus (never really owned a PC till I built one much later on). Then I got a job at E! Entertainment Television, and they were an all Mac OS shop. So my point is I’m a big Mac fanatic.

So it disheartens me to a great extent when I find this Java Exploit (CVE-2008-5353). As with most exploits, if compromised, the attacker may take over a system. Now the popular thought was that Mac would not be vulnerable to all these various attacks that Windows have been vulnerable for a long time, but that is a dangerous assumption to make. This particular one, is not Windows specific, Mac specific, or even UNIX specific. This is in the Sun Java code, which they really did fix, and it has been incorporated in all Windows, Linux, Solaris, and all other OS’s that use JAVA Runtime Engine … except for MAC. Why, oh why, Apple, why?

This exploit was patched and fixed by Sun in December 2008, so this fix has been around for coming up on 6 months. Is there a good reason for not putting this in? I kept trying to think of a good reason, but I can’t. In fact, one individual got so frustrated with Apple, waiting for them to fix this, that he decided to put an exploit out in the wild, and publish this, in hopes that Apple will finally do something about this. This has been distributed throughout the security community … I’ve seen it posted on securemac, slashdot, zdnet, and even US Cert. We’ll have to wait and see if Apple actually does anything with this.

So for now, I have turned off all Java and Javascripting from the browsers I use on the Mac. The problem is there are so many web sites that use Java for their video streaming, and Java is such an integral part of the web browsing experience. This is really annoying, and will force me to not use my Mac until they fix this, and use my PC more often. Damn … I was hoping only to use that damn friggin’ PC only for work.

Nice job, Apple!

Why is Cycling Not that Popular

I was templating about the popularity of the sport I love so much. One of the frustrating things about the sport is lack of coverage. True, there is the weekly coverage of Cyclism Sundays, which is good, but in comparison to other sports, it’s considered a novelty, something less popular than bass fishing (borrowed that line from RedRider … hehehe).

Yes, there is the typical coverage on ESPN of the 4 major sports, then stock car racing (NASCAR), then Poker … Poker???? Is that really more exciting than seeing world class athletes racing through the streets of Europe? I mean, look at the physique of some of these poker players. For once, I can say I’m more physically fit that some of these contestants.

Then, there’s what I consider the second tier sports, and those are gymnastics, figure skating, golf, and tennis. Those are represented pretty regularly. I would then stick the multi-stage cycling road race in that category.

Now take a look at track cycling … now there is a sport that should be popular, shouldn’t it? Look at the logistics of covering this event. You have a stadium already built, and all you have to do is pay a little fee (much less than say basketball or football). Plus, you don’t have a bad seat in the house. With road racing, you only get to see the racers once … you get there, wait for about 1-2 hours, and they pass by you in 5 seconds, then go home. With track racing, you could be there the whole day, and see all of them. Plus, you can see more tactics. So why is this not covered at all on tv? We have to wait once every 4 years for it to come.

Anyhow, what brought this on was the fact that we have an American World Champion in Individual Pursuit … Taylor Phinney. Did anyone know that the World Championships were taking place, and that an American got top honors in one of the races?

My main beef is that track cycling can be so exciting from a spectator perspective. A lot of people are shocked when they watch the tour pass by their city, and suddenly they pass by, and say “is that it?”. Track racing should be more popular, but the main question is, why isn’t it? You can even see a crash, which will wake the fans up (not that it’s a good thing)

Even with Lance coming back, cycling hasn’t really taken off in popularity. I still see it less popular than poker or tennis. If I asked someone on the streets, who would they rather see … Lance or Phelps? Most likely, the answer would be Phelps.

Wacky PTO’s

Normally, requesting for PTO’s aren’t a big deal, right? All you do is go onto your company’s Intranet site, and request certain number of hours for PTO, and your balance would be deducted, right?

Well, with the state of the economy, the way it is, the company I work for is trying to cut cost in whichever way possible. One way is to not have people come into the office, so they decided the company will shut down the office for a week near Memorial Day, and a week near 4th of July. One problem though … we support customers, 24×7. Customer Service simply can’t shut down, because other companies are not.

So they have decided that everyone is forced … that’s right … forced to take 17 PTO days between March 1st and December 31st … of which 10 of them needs to be between March 1st and September 30th. So for those 10 days, no formal PTO form is filled out. What??? Well, HR will automatically take 10 days off of everyone, at end of September, regardless of if you took it off or not. So how will the individual keep track? I guess it’s up to the department to figure out. Good grief!

So what if you don’t have 10 or 17 days of PTO available … too bad. You will have negative PTO days. I guess this is one way they are saving money … by not paying people for PTO time. Surely they could have thought of some better way, but I guess not.

My boss has always been on my ass about taking PTO time, as I will lose it if I don’t take it. Well, I guess this is one way that he won’t have to worry about it. I’ve got a lot piled up, so it’s not such a big deal for me. Maybe I’ll sell some of my time, and make a little more money on the side?

2 Days until the Tour …

… and I’m just so excited about this. The only thing I can think of these days is making sure I don’t screw up. I’m also worried about the weather. When I look at accuweather or weatherunderground, it forecasts rain throughout the entire length of the tour. This got me worrying that I will be completely drenched. It’s not like I will be able to duck under an awning, because I’ll most likely be out in the elements, directing traffic, clearing course, etc, and if it’s raining, I’ll be wet, most likely cold, and damp.

So it’s off to Sports Basement and eventually REI (mostly because I didn’t want to spend too much and wanted to find a bargain). I ended up going to REI, and got waterproof jacket and pants. They make a big point out of not jeans and wearing black or khaki’s as a course marshall … well if I cover it with waterproof pants, they won’t see my khaki’s (but it is black). I spent over 2 hours shopping for these … Damn, I’m like a woman shopper!

As soon as I left, I realized I didn’t get a hat or boots or anything to protect my feet. I think if I really have to, I’ll put my feet in plastic bag, then put my shoes on. It’s going to be wet and cold, but at least with the plastic bag, it may minimize that.

Ok, checklist … bought new socks, fanny pack, whistle, rain gear, new briefs, 2 extra pairs of khaki’s, camera, documents … hope I didn’t forget anything. Now all I gotta do is pack when I get home from work today.

If I get to update anything at all from the road, I’ll do it from twitter. I have my twitter activity automatically copied over to my facebook main page, so you’ll be able to see my comments on facebook (even if you don’t have a twitter account). This should be interesting. This year, I won’t be able to be a fan … but I’ll sure be supporting the efforts of keeping this one of the most prestigious cycling events of the year.

Oh, one more thing … just a little rant of mine. Everyone knows that Lance is racing, and everyone is expecting him to win … and he may just do that. But people forget that this is the year we will have so many successful racers from the past making a comeback … there’s Lance, Ivan Basso, Floyd Landis … and then there’s the success of Garmin and Columbia. Oh, BTW, defending champ is Levi Leipheimer, who happens to be on the same team as Lance. So you’d think that the headline would be probably the competitive tour on American soil … and there is still very little attention paid to this event. Instead, we focus on A-Rod testing positive for steroids 5-8 years ago … sheesh!

Ok, back on topic … I just hope it doesn’t rain too much. I’d hate to see half the riders bail out before we get to the real climbing in the tour.