I should have been sleeping, and was probably intending to bloggg something or other Friday night, but ended up staying up way too late becoming an expert on XMLRPC vulnerabilities instead. Damn script kiddies. Sadly, every one of us who doesn’t devote his/her life to rolling their own everything from scratch (who, me, have a life? Surprised hell outta me too.) is at the mercy of third-party coders and the trust that can be placed in their work.

The first time I’d ever discovered a web ‘property’ of mine had been broken into (phpBB, way back in the day), I couldn’t sleep that night. I was up ’til 4am grinding my teeth, the logfiles and anything else within reach figuring out what happened and recovering everything. This time around, it almost felt mundane. I started the logs downloading, threw up a quick “returning soon” page and went to sleep. That ain’t right.

Anyway, the vulnerability allowed writing crap into the home directory of the vulnerable file, but not e.g. rooting the server, so the logs told everything…lame kiddie from a Saudi Arabian IP block.

Went out to Toast with J.R.; I finally wore the Duct Tape Man outfit in actual public before retiring it for good (with a spanking new Duct Tape Cape), J.R. came as a mad scientist researching ways to make cabbage plants express THC. (No*, the Fairy Gothmother, couldn’t stay out late that night.) Per my usual in mass social situations, I was kind of lost and alternated between dancing poorly to 80s music (and sweating [the DTM outfit is hot in not just the figurative biological sense]) and leaning aimlessly against a wall.

Through some strange fluke, a girl leaned over and started talking to me, asking about the outfit. She had a key around her neck, and her friend sitting next to her had a big whisk (egg beater) dangling from hers. Together, they were whiskey. Even if I’m probably the only person in the world who would find that funny, I found it funny :-) * So anyway, we got to talking…

Woohoo, I scored. I guess people have different definitions of scoring…I got a kiss and a number (email address…for me that counts as a number); for me that counts as scoring. I’d like to think this kiss /* bliss (sorta?) */ [_state] will last longer than my last, but my experience is that the odds of scoring a subsequent date with any girl roughly follow e^-kt, where k is some arbitrary constant pulled out of my ass. We shall see…

And J.R. won a pair of Bauhaus tix. Nice!

Squirrel on!

Sunday afternoon we played separate-the-rat-cells-from-the-bottle-they-grew-on, and spin-the-rat-cells-until-they-make-a-nice-big-clump, and a few other games involving rat cells, and then we went squirrel fishing in Boston Common. I’ll explain that in a separate entry** when I have copies of the pictures/videos; it’s incredibly cute (and/or hilarious, depending on your take on things).

Pegasus, the flying cotton pony

Iterating through some aisles at a CVS with J.R. (hey, I thought we were just here for NutRageous bars), the (approximately) following conversation came up:

(passing through the tampon aisle) “Hey Tim, need any tampons?” -JR
“Um…do they burn?” -me
“I think so.” -JR
“…will they fit the tailpipe of a car?” -me

(Silence, followed by uncontrollable laughter at the mental image of flaming tampons being fired out of the backs of moving vehicles)

* at the way-early hallowe’en party I mentioned a week or two ago, there was a guy dressed up as a giant can of Play-Doh. His buddy, if he didn’t wuss out at the last minute, was supposed to come as Plato, the philosopher, making Plato and Play-Doh.

** I know, officially this thing is written by me for me, but now google and teh intire intarweb are watching :-) I want that entry to be easily searchable.


