Category: Life

I appreciate my university education. It’s given me skills that have become indispensible to my daily living – the ability to think critically, an understanding of how to question, and the like. But in as much as I consider such broadening of perspectives invaluable, I’ve come to be extremely cynical on the stress imposed on high school students to get into the institution of their “choice.” Moreso if the student parent is aiming for a high-brow British university or whatnot.

I see such aims as both fiscally irresponsible and a waste of time. The more expensive the institution, the more specific the program, the less inherent flexibility there is for the student to change their mind. That fluidity is necessary, because unless one expects a 16 year old to somehow be imbued with the knowledge of a recent graduate, we shouldn’t expect him/her to not change their mind on the degree of choice. It’s only natural, as anyone who’se been through the grind will tell you.

So when I see news tidbits on kids suffering burnouts over their attempts to get into prestigious schools, I can’t help but think their parents blinded by their own aspirations. Naturally, there’s nothing wrong with getting into a prestigious school. But a 22 year old equipped with a university degree and a clearer mind is much better informed at making such a decision than a 16 year old still trying to grasp the basics of adult life.

And with that, I conclude the last of the shoots with the main characters of Docks. I also got some footage for a featurette on the rundown of an atypical shoot. Next up: the small things which I can do, as well as work with five extras. I hope to wrap up filming by this weekend.

I was in last Thursday’s Globe and Mail, as part of an article on the throttling of bittorrent traffic that a number of ISPs are undertaking. What a crazy day that was – I was at work when the first email came through on my BlackBerry. Within hours, a photoshoot and interview time had been set. These guys sure waste no time.

Globe and Mail Article.

The other day I discovered a flaw with the University of Ottawa website. In essence, it allowed any one of it’s 30,000+ students to hijack their student directory page to upload malicious code. This was not in the realm of the theoretical, it had only taken me a matter of minutes to set-up the following fake phishing example. Whenever someone would visit my student page, they would be treated to a pop-up window that would ask them to log-in to their university account again.

Putting their mouse over the pop-up would produce a warning that the log-in prompt was a fake:

It’s classic cross-site scripting. It would be obvious to some that this was a phishing attempt, but not to everyone. The solution was simple too: sanitize text. I sent an email to the head webmaster of UOttawa, but she never got back to me. Great! With the person supposed to care not giving a shit, I decided to go through the regular support channels all students use. Lo-and-behold, they sent this:

Mr. McArdle,
Thanks for submitting the problem to us and for the information you gave us. Have you spotted any such record that have exploited the vulnerability?

I lied and told them no. I didn’t want to mention the demonstration I had made. Then I was worried it was a mistake. A week had passed, and the vulnerability was still in place. This morning, I got this:

Mr. McArdle,
Thanks for the feedback. I”ve assigned the problem to the group in charge of InfoWeb.

So hopefully, hopefully, they’ll do something about this. But what are the odds? I honestly don’t think anything will be done. That’s the problem about security: too few care. There’s lots of students at Ottawa U., and it wouldn’t take a genious to figure out what I did. And I’m a frickin’ physical geography student – not anything remotely close to computer science!

Update: I got the following message today…

Mr. McArdle,
Thank you for your astute observations and honesty and integrity in revealing the gap. This is a known bug and with a known solution and we are in the process of correction by [removed.]

Thanks again for reminding us of this urgency.

I’m currently in the process of switching the nameservers of many of the domains that I own. This means that you can expect outages here and there during the transitioning process.

Update: All done!

Quote of the Moment: <savant> likewise, the “pull out” method may work for bump keys, but not for birth control.