I banged my head against this one for a while before figuring it out, so I’m posting the solution – for my own future reference if nothing else.
I’ve been working on extending Textmate’s Markdown language bundle. The development versions of the bundles are stored in a repository managed by Subversion.
I noticed that the bundle’s name started with a lowercase letter, unlike the other bundles, so I did a quick svn mv to fix it:
Does your website contain mail forms that aren’t sanitizing input as aggressively as they should? There seems to have been a recent surge in automated (or semi-automated, it’s hard to tell) probes and exploits of form mail scripts, all revolving around injecting headers into sent mail.
Here’s how it works: Let’s say you have a form that allows the user to enter their email address. The black hat’s exploit script submits a value for that field that includes a newline, followed by whatever email headers they want to insert: Bcc, for example, or even full-blown MIME-encoded parts.
Some domain names become active verbs: I googled it. Others become passive verbs: I got slashdotted.
BoingBoing, linked to by over 16,000 blogs, is a passive verb too, and two weeks ago my server got BoingBoinged.
Joe started it when he made a posting on the Well with a link to a series of (bloodless) photos from a huge motorcycle ride turned motorcycle pileup. Somebody suggested a slideshow; I took the opportunity to exercise my mass-image-resize script and to check out ImageReady’s ability to export animations as Flash. I put the resulting 2.6MB file on my neglected moto-blog, posted the link to the Well, and went on with my evening.
Here’s an odd bug in OS X’s Mail.app: if the cursor is either at the beginning or the end of a message you’re composing, and you press the keyboard shortcut for “Transpose characters” (ctrl-T) the application spontaneously quits.
Bummer!
Caution – don’t idly test this out right now if you have an unsaved message open. I know it’s tempting.
MacFixit has a suggested workaround – use ~/Library/DefaultKeyBindings.dict to disable the key – but it’s not ideal since ctrl-T has valid uses in other applications, like invoking spellcheck in Pico or Nano. Unless you tend to hit ctrl-T accidentally, I’d just leave it alone and wait for the inevitable patch from Apple.
I learned this today from an anonymous comment over at FA:OSX. If you want to download RealPlayer but would rather skip the registration and the attempts to distract you into buying the payware version, just go here:
jima commented on Sat Oct 8 14:16:27 2005:
There’s also another version that the BBC had made exclusively for its radio listeners that doesn’t have all the spyware stuff that you get in the regular RealPlayer version. BoingBoing wrote it up last year, and it looks like the links are still good.