WordPress cookie vulnerability

It seems the WordPress developers have made some wrong decisions in their use of MD5. Full details are in this announcement. In summary, the hash in the cookie for authentication contains MD5(MD5(password)) and the database MD5(password). This means that anyone with access to the hash from the database can pretend to be this user. Whoops. This shows that once again that security is hard as people consistently make the same mistakes.

More details and background on the Security Group blog.

Not a hippy but …

Howies have an excellent range of ethical and ecologicaly sound clothes. Whilst I was in their shop on Carnaby St I bought a bright orange Nalgene, They sell them to encourage people to use one bottle rather than hundreds or thousands of plastic bottles, to encourage this further they have a tap in their store where you can fill up your purchase. Smart thinking. Their blog is a little bit crazy though.

On the way back from Carnaby St I got a bit lost and ended up at Playlounge which sells the cool vinyl toys that adorn OH cental. Whilst I was there I couldn’t resist buying a copy of Clutter Magazine.

Anjuta 2.2.2

Packages for Anjuta 2.2.2 were uploaded to Debian unstable yesterday. I also built packages for Ubuntu’s ‘gutsy’ and put them in a PPA on Launchpad. The packages currently available in ‘gutsy’ are liable to crash due to issues with the plugins. The sources.list line for these packages is:

deb http://ppa.launchpad.net/robster/ubuntu gutsy main universe

Embedded accelerated Clutter bling

With sooper-dooper thanks to Samuel, Richard, Matthew and the space ape we now have Poky and Clutter up and running on the Logic i.MX31 LITEKIT. This ARM11 based development board features OpenGL ES 1.1 compliant hardware (based on Imagination’s MBX) which is now supported by Clutter’s EGL backend. Now we just need some more cool hardware to play with… 😉

Space ape admires the bling

Tasks … for OpenMoko

Towards the end of last week I knocked up very quickly a port of Tasks to follow the OpenMoko UI guidelines. The fact that this only took a few hours is testmant to Ross’s skill at structuring the Tasks codebase. It should now be available in the default build but I was alas too late to get it into the snapshot on the 19th however you can certainly get it in newer builds.