Companion Cake

Note that if you haven't played Portal, go get it, play it, and come back in a few hours to finish reading this post. Otherwise, it probably won't be amusing. (You have been warned. ;)

I just found out about this. I can hear her now: "You ate your only friend. That's why nobody likes you. You're such a horrible person."

Banana Chase

My friend/coworker just told me about the Banana Chase 5k, which is happening on September 14th. It sounds like a lot of fun: there are people dressed in Bananas running the course, and you have to outrun as many as you can. Anyone wanna join in?

Also, I'm running the Golden Gate Park 10k in October, and if anyone wants to join me, register and drop me a line.

OpenID Vulnerability

A rather interesting vulnerability in OpenID has been posted:

Ben Laurie of Google's Applied Security team, while working with an external researcher, Dr. Richard Clayton of the Computer Laboratory, Cambridge University, found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166).

In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to
rely on these OPs.

Neat stuff. (And a reason that software really should check CRLs.)