Rhonda's Blog                    

Fri, 10 Feb 2006

Curious Meme...

Interactive Johari Window — pick the five or six words that you feel best describe me. Thanks to nilasae for the link. Hopefully it won't /. the server too much, it's already acting quite slow...



The following haiku poem was written some days ago. I wasn't too sure about including the final two paragraphs, but after letting it rest for a while I think they don't fit too badly into the overall view.

Laziness — a pain?
It helps you to optimize...
or do just nothing.

Some say it is art —
a required skill for some,
e.g. sysadmins.

To notice repeats
and work on scripts to ease them.
It truly helps there.

But then the downside:
when you don't manage anything
you are lazy stunt.

Not able to do
what you are expected to
and just waste big time.

I strive for former
but fall into latter group
I am but sorry.

The expectations
that I built — to some degree
all by myself — hurt.

I have no idea
why people believe in me,
I don't do myself.


PHP mail() Considered Harmful

I know for myself that picking up unparsed userdata is teh evil. But we also all know that the usual webpage and mailer script coder isn't thinking. And to my knowledge the PHP mail() function is the only one perverted enough to parse the headers, in addition to an explicitly given recipient list, for additional recipients. Yes, you read that right. Often enough people use things like mail("myown@addre.ss", "subject", $body, "From: {$_POST['name']} <{$_POST['email']}>") without thinking about it, because there is this extra To field anyway. Right?
Wrong! Spammers will come and send things like email="some@jo.ke\nBcc: my@sp.am, list@is.bigg.er, than@you.rs". People who put up such webmail scripts usually don't notice it anyway; they just delete the spam right away, not noticing that it was an abuse of their form. And the ISP has to deal with getting the system out of the blacklists again...

At least none of the hosts on which customers are able to put up such scripts directly affect our own mail system; it's just the shared hosts they use... Still, deadly annoying. And then people claim that such misfeatures aren't a problem in PHP but in the coders? If only it were at least documented in the description of the function; but if one can claim that it is, it's at most just very vaguely hinted at...
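The header problem described above, as an added example that is not code from the original post: the interpolated From header beside a variant that rejects line breaks before the value ever reaches mail(). The function names and sample inputs are constructed for illustration, and nothing is actually sent.

```php
<?php

/** Vulnerable pattern from the post: user input interpolated straight into the header string. */
function build_from_unsafe(string $name, string $email): string
{
    return "From: $name <$email>";
}

/**
 * Hardened variant (hypothetical helper): refuse any value containing CR, LF or NUL
 * and require one syntactically valid address. Returns null when input is rejected.
 */
function build_from_safe(string $name, string $email): ?string
{
    foreach ([$name, $email] as $value) {
        if (preg_match('/[\r\n\0]/', $value)) {
            return null; // a line break would start a new header field
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Drop characters that could break out of the display name or the angle brackets.
    $name = trim(preg_replace('/[<>",;:\\\\]/', '', $name));
    return "From: $name <$email>";
}

/** Header field names in a header block, one per line, as the mail system would see them. */
function header_names(string $headers): array
{
    $names = [];
    foreach (preg_split('/\r\n|\r|\n/', $headers) as $line) {
        if (preg_match('/^([A-Za-z-]+):/', $line, $m)) {
            $names[] = $m[1];
        }
    }
    return $names;
}

// Constructed inputs: an ordinary submission and one carrying the extra Bcc line from the post.
$benign  = ['name' => 'Jane Doe', 'email' => 'jane@example.org'];
$hostile = ['name' => 'x', 'email' => "some@jo.ke\nBcc: my@sp.am, list@is.bigg.er"];

foreach ([$benign, $hostile] as $post) {
    $unsafe = build_from_unsafe($post['name'], $post['email']);
    $safe   = build_from_safe($post['name'], $post['email']);
    echo 'unsafe headers: ', implode(', ', header_names($unsafe)), "\n";
    echo 'safe result:    ', $safe === null ? 'rejected' : $safe, "\n";
}
```

Logging the rejected submissions gives the form owner and the ISP a record of abuse attempts that would otherwise only show up as blacklist entries.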


©opyright 1999++ by Rhonda