Wednesday WIN (2014-Oct-22)

Top 10 Cycling Excuses – For Climbing

Top 10 Things Not To Wear While Cycling

Top 10 Things Not To Drink While Cycling

Posted in cycling, Wednesday WIN | Tagged | Leave a comment

Tuesday Tunes‬ #179 – Tom Petty

Tom Petty (born October 20, 1950) is an American musician, singer, songwriter, multi-instrumentalist, and record producer. He is best known as the lead vocalist of Tom Petty and the Heartbreakers, but is also known as a member and co-founder of the late 1980s supergroup the Traveling Wilburys (under the pseudonyms of Charlie T. Wilbury, Jr. and Muddy Wilbury) and Mudcrutch.
He has recorded a number of hit singles with the Heartbreakers and as a solo artist, many of which remain heavily played on adult contemporary and classic rock radio. His music has been classified as rock and roll, heartland rock and even stoner rock. His music, and notably his hits, have become popular among younger generations as he continues to host sold-out shows. Throughout his career, Petty has sold more than 80 million records worldwide, making him one of the best-selling artists of all time.[2] In 2002, he was inducted into the Rock and Roll Hall of Fame.


And now for some music …
Continue reading

Posted in music | Tagged , , | Leave a comment

This weeks links (2014-10-20)

Round The Bay 2014

In brief:

* Why #Gamergaters Piss Me The F*** Off (2014-Oct-21) [The Cauldron]
… There’s enough space now for people to make games that are strange and disturbing and maybe highlight a different perspective of the world, because gaming is no longer a niche activity, it’s something that everybody does. There is room for art in video games. That’s awesome! …

* Bupa Around the Bay – Ride for a Child in Need 2014 (2014-Oct-19) [Ride On Magazine]

* Bupa Around the Bay 2014 – Ride for a Child in Need | Bicycle Network (2014-Oct-19) [Flickr]


* The Week in Bike #40: Hostage to Fortune

* Cycling the Himalayas – Part One (2014-Aug) [Cyclingtips]

* Cycling the Himalayas – Part Two (2014-Oct) [Cyclingtips]

Some reading/listening:

* Neil Gaiman: Why our future depends on libraries, reading and daydreaming (2014-Oct-16) [The Guardian]

* The Percy Jackson Problem (2014-Oct-22) [The New Yorker]

Something from Bandcamp:

Five Long Years by Audio Antihero

Posted in links | Leave a comment

Firefox 33.0

Firefox v.33.0 was offered to release channel users on October 13, 2014.


Fixed in Firefox 33.0 [3]
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypasses
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

*NEW* Support for connecting to HTTP proxy over HTTPS
*NEW* Improved reliability of the session restoration

Vulnerability ratings: 3 Critical, 4 High, 2 Moderate
Evaluation: test and update when possible

[1] Firefox features [Mozilla]
[2] Mozilla Firefox 33.0 Release Notes (2014-Oct-13) [Mozilla]
[3] Security Advisories for Firefox [Mozilla]
Posted in firefox, patch, security | Leave a comment

Adobe Patches (Oct-2014)

Adobe has updates for Flash Player and ColdFusion to deploy for this month’s Patch Tuesday

Bulletin Description Impact / Severity Software
APSB14-22 Security updates available for Adobe Flash Player Critical :
Remote Code Execution
Adobe Flash Player, Adobe Air
APSB14-23 Security update: hotfixes available for ColdFusion Important :
Security Feature Bypass
[1.] Adobe Security Bulletins Posted (2014-Oct-14) [Adobe PSIRT Blog]
Posted in Adobe, patch, Patch_Tuesday, security | Leave a comment

Patch Tuesday Wednesday (Oct-2014)

patch-tuesday This month Microsoft have released eight (8) security bulletins of which three (3) have a maximum rating of Critical and five (5) have a maximum rating of Important.

❝ Today, as part of Update Tuesday, we released eight security updates – three rated Critical and five rated Important – to address 24 Common Vulnerabilities & Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize deployment planning, we recommend focusing on the Critical updates first. ❞ [1]

Bulletin KB number Description Impact / Severity Software
MS14-056 2987107 Cumulative Security Update for Internet Explorer Critical:
Remote Code Execution
Microsoft Windows, Internet Explorer
MS14-057 3000414 Vulnerabilities in .NET Framework Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Windows, Microsoft .NET Framework
MS14-058 3000061 Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Windows
MS14-059 2990942 Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass Important:
Security Feature Bypass
Microsoft Developer Tools
MS14-060 3000869 Vulnerability in Windows OLE Could Allow Remote Code Execution Important:
Remote Code Execution
Microsoft Windows
MS14-061 3000434 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution Important:
Remote Code Execution
Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
MS14-062 2993254 Vulnerability in Message Queuing Service Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Windows
MS14-063 2998579 Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft windows

* MS14-056 : Microsoft Windows, Internet Explorer : Known exploits in the wild
* MS14-057, MS14-058

Security Advisory 3009008 to address a vulnerability in Secure Sockets Layer (SSL) 3.0

❝ Today, we released Security Advisory 3009008 to address a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability that affects the protocol itself, and is not specific to Microsoft’s implementation of SSL or the Windows operating system. ❞ [4]

Mitigating Factors:
* The attacker must make several hundred HTTPS requests before the attack could be successful.
* TLS 1.0, TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

❝ What should you do: Disable SSLv3. There is no patch for this. SSLv3 has reached the end of its useful life and should be retired. ❞ [5]

Apply Workarounds:
* Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer
To turn off SSLv3 support in Internet Explorer 11:
Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3″ under “Security”.
Exit and restart Internet Explorer

[1.] October 2014 Updates (2014-Oct-14) [MS: MSRC]
[2.] Microsoft October 2014 Patch Tuesday (2014-Oct-14) [SANS]
[3.] Microsoft Security Bulletin Summary for September 2014 (2014-Oct-14) [MS]
[4.] Security Advisory 3009008 released (2014-Oct-14) [MS: MSRC]
[5.] SSLv3 POODLE Vulnerability Official Release (2014-Oct-14) [SANS]
Posted in microsoft, patch, Patch_Tuesday, security | Leave a comment

Halloween OTR

OTR Halloween :: the ancient festival of Samhain
Halloween, the light-hearted modern festivity of ghosts and ghoulies, frights and feast, trick or treat, has much more serious (and scary!) origins in the ancient Celtic Feast of the Dead. This festival has survived, due to its connection with the archetypal energies that it evokes and due to its more recent connection with the Christian festival of All Souls, which the Church has instituted as a substitute for this pagan celebration.

from Astrology on the Web

As Halloween approaches we find ourselves in need of a soundtrack. Now I know that Barry Manilow records scare the hell out of most people, but lets face it folks there are limits to what is socially acceptable. What does your retro ghoul, vampire or zombie listen to at Halloween?

Lights Out – 1938-04-06 Cat Wife (Boris Karloff)

The Weird Circle – Frankenstein

Beyond Midnight – The Signalman

Creaking Door – Don’t Take My Blood

Creeps By Night – The Walking Dead

Escape – The Fall of the House of Usher

Hall of Fantasy – Dance of the Devil Dolls

Nightfall – The Monkey’s Paw

Posted in mp3, otr | Tagged | Leave a comment