XSS vulnerabilities fixed in WordPress 2.0.3

Light Blue Touchpaper (Security Research, Computer Laboratory, University of Cambridge) alerts users to upgrade their WordPress to version 2.0.3, which should fix two XSS vulnerabilities they reported that are exploitable in the default installation and can readily lead to arbitrary PHP code execution.

They plan to post more details about the vulnerabilities in 10 days because, they say, “the nature of the problem can probably be deduced from the code changes, so there is limited value in waiting much longer”.

On Ubuntu Linux

LinuxForums are reviewing the latest Ubuntu Linux Dapper version, but I just wanted to bring forth a single paragraph from it:

> Of course a few things were said about Canonical Ltd. not having a viable business model, the distribution’s success being only a consequence of a trend of the moment, and Ubuntu being a bad fork from the Debian project. But as releases went by, and the distribution simply getting better, it soon became clear to a lot of people: Ubuntu was the most popular distribution.

Why is this interesting? Well, back at What the Hack, when I saw a presentation on Ubuntu by Benjamin Mako Hill with his lovely hat (photo here), I thought more or less the same thing, “yet another Debian fork”, etc., etc. Of course, when I tried it for the first time I knew it meant something more. Much more.

What caught my eye was the “Just Works” feeling. You’re sick of banging your head against stupid defaults and configurations and just want something to get things done. Half the world is switching to Apple because of this, and Ubuntu is the nearest thing you can get in the Linux world. But I know other things that made the difference. The best marketing you can get these days is the “buzz”, and Ubuntu has that too.

Quick Roundup

  • Seems like a new generation of blog tools is coming to life. Techcrunch is running a story about SixApart's new hosted blogging platform called Comet. It will allow WYSIWYG editing, easy uploading of images, audio and video, tags, and so on. They will start letting users test it on Thursday, June 1.

  • Petter Abilla, former amazon.com employee, blogs about his interview & job offer from Google, which he declined after perceiving there wouldn’t be any Google stock units involved. Interesting read, especially this brain teaser they gave him in an interview:

> you are at a party with a friend and 10 people are present including you and the friend. your friend makes you a wager that for every person you find that has the same birthday as you, you get $1; for every person he finds that does not have the same birthday as you, he gets $2. would you accept the wager?

  • Tomorrow there will be a seminar about academic spin-offs at the University. On another level, of course, will be the international conference on Academic Spin-Offs, to be held in Santiago de Compostela next 15th and 16th June, which seems promising although too expensive for me right now. Funny how the dokuwiki plugin replaces T-i-a-g-o with a link to the plugin author :-)

On music listening, I’m trying to hear new stuff.

Some bands/players I wish to know better:

  • Porcupine Tree (after recommendation from Last.fm)
  • Opeth (after recommendation from several people).

I’ve recently heard:

  • a Woody Allen album, but I didn’t appreciate it much.
  • Jim Matheos album “First Impressions” - very nice, just instrumental but calm and relaxing.
  • Joe Satriani album “Super Colossal” - extremely nice.
  • Jesse Cook album “Free Fall and Nomad” - extremely nice.

Note to self: Listen to even more new stuff.

Karting and Week roundup

This week I went karting. My team (Algarvios Racing Team) finished 5th out of 17, not bad. I did the fastest lap from our team (56.492 I think) which was pretty good. I had the luck of starting the race (7th on the starting grid) and the thrill of the start is something I can’t really describe. I passed two guys on the first laps and got 4th for a bit but then we ended up in 5th overall. Great time.

Tomorrow some friends will be taking part in the ceremony that comes with being in the last year of the degree here in Evora. One of them is doing an internship at YDreams, another at Critical Software, etc., which is pretty cool.

And my MSc work is going well. I’ve been keeping a research journal about it for a few months now, but off-line and in OpenOffice format for the time being. I found it to be faster and free of the many quirks of using something web-based like a Wiki or a blog category.

European Startups

Techcrunch has an article about Innovate 2006, a conference that took place in Zaragoza, Spain, this week. Dozens of European startup companies showcased their products and services, some of which are web applications. Skype, eBay Europe, Symbian, Six Apart, Netvibes, and the list goes on… see the complete list here.

They even summarized the startups they found most interesting, which is way cool.

Interesting quotes from the article:

> “First, entrepreneurs in Europe are not revered in the same way as the U.S. Many people in Europe consider entrepreneurs to be greedy and arrogant, trying to reach above themselves. That has to change. Entrepreneurs tend to ignore risk/reward ratios, drive economic growth, bring new jobs to a country. They should be encouraged, not socially chastised.”

> “Second, the complexity of creating a corporate entity, hiring employees and raising capital needs to be reduced. It’s simply too hard to create a company and get started.”

> “Third, taxes must come down, or entrepreneurs will continue to flee to the US and elsewhere.”

There’s also a blog that seems to have some good reading.