Something Odd!

Winch Wakeboarding at the Lee Fields

Ireland experienced a deluge of rain, and it’s not finished yet, but for some it’s an excuse to wakeboard in a flooded field. 🙂

Nice to see Fergal out there taking photos. He’s not usually the one being photographed!

The missing bit

There may have been a bit missing from the Ferris Wheel on The Grand Parade yesterday, but I’m informed that all bits are accounted for now.

I always thought flossing was good for my teeth

This SBM article leads me to question the idea that flossing my teeth helps to prevent dental cavities and gum disease.

It’s more complicated than that.

Done “by professionals” it can reduce dental caries (tooth decay) but if you’re not flossing at least five times a week there’s little benefit to it. Maybe the professionals had a technique the rest of us don’t know, or perhaps they were more diligent about flossing during those trials. Who knows?

To floss, or not to floss? That is the question. Now that you are armed with the evidence, you can make the choice which is best for you. If you want to prevent tooth decay, you should focus on reducing your sugar intake, use a fluoridated toothpaste, and perhaps a fluoride mouth rinse. Whether you decide to floss or not depends on your desired outcome. For a fresh, debris-free mouth, yes, go ahead and floss away. If your desire is to prevent cavities or periodontitis, other methods are more effective.

Many years ago before I started flossing regularly I rushed to the dentist while on holiday with a terrible pain in my mouth. Fearing that a tooth would have to be pulled or cavity filled I sat in the chair, leaned back and the dentist took one look. He grabbed some floss and removed the crumb that had lodged between my teeth. The pain was gone!

So, just like the author of that article, Grant Ritchey, I’ll continue to floss every night. There’s no downside and my mouth feels better for it, even if the science doesn’t fully back me up on this.

I Made A Mistake I Bought A Lemon Jeep

Ouch. I hope he gets some satisfaction soon.

I can’t imagine ever spending the equivalent of $60,000 on a car. It’d get you a lot less in Ireland as well. Yay for VRT!

I hope that’s sugar free gum

Because this is so sweet..

My Mr Robot

When people talk about how great Mr Robot is I agree but I suspect we’re not talking about the same thing.

Onism: how much of the world have you seen?

onism – n. the frustration of being stuck in just one body, that inhabits only one place at a time, which is like standing in front of the departures screen at an airport, flickering over with strange place names like other people’s passwords, each representing one more thing you’ll never get to see before you die-and all because, as the arrow on the map helpfully points out, you are here.

Ironically due to our connected world we’re all the more aware of the blank spots in our maps.

The Web Won’t Forget Alex King

If you use a WordPress site, either as a visitor or owner, you’re using code that Alex King, one of the original developers of WordPress, worked on.

He passed away after fighting cancer for 2 years but his online presence lives on in the form of his blog with it’s deep archive of posts going back years, and in so much code that it’s humbling to look at his projects page. Looking through the svn log of WordPress trunk shows he still had a hand in helping the WordPress project until relatively recently:

trunk$ svn log|grep alexkingorg
props alexkingorg for the initial, long-suffering patch.
props alexkingorg. fixes #24162.
Props alexkingorg
`wp.media` instead of just `media`. props alexkingorg, see #22676.
Add $post_ID context to the pre_ping filter. props alexkingorg, devesine. fixes #18506.
Add filter so the users can select custom image sizes added by themes and plugins, props alexkingorg, fixes #18520
esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
Escape links by default. Props alexkingorg. see #13051
Safely include class-json.php, class-simplepie.php and class-snoopy.php, props alexkingorg, fixes #11827
Fix user creation from admin after changes for #10751. Fixes #10811 props alexkingorg.
Hooks needed to allow alternate category admin inteface. Props alexkingorg. fixes #3408
Wrap cat name in CDATA. props alexkingorg. fixes #3252

I’m sorry I never met Alex, however I remember working virtually with him and Adam Tow on AllThingsD which seems like a lifetime away now. Adam has a great article on Alex on his blog, as does Matt who went into detail about Alex’s involvement with WordPress going back to the days of b2. I had completely forgotten the CSS competition he mentioned!

Alex, your legacy lives on.

WP Super Cache 1.4.5

WP Super Cache is a fast caching plugin for WordPress. It will help your site run faster and serve more traffic.

This is a security and bugfix release.

Some servers display a directory index when no index.html is found in a directory. That may reveal the filenames of cache files.
There were issues in the settings page that might allow an attacker to browse or delete files named index.html.
PHP Object Injection could occur if an attacker managed to inject malicious code into the legacy cache meta files.

When you upgrade, your “legacy cache” files for logged in users will be deleted. This may have an impact on your site:

If your site is slow at generating new pages.
If you have many known users (logged in users or people who comment).

Your site will suddenly have to generate new cache files for all visiting known users.

Relying on caching like this is not recommended for these types of users as it’s very inefficient. Each user has a separate cache file that must be checked whenever the plugin does administration work like cleaning up stale cache files.

If most of your traffic is anonymous users who don’t comment you don’t need to worry about this.

Directory Listings

If a server is configured to show directory listings it will show files and directories in the cache directory to visitors who access those directories directly through their browser. This might reveal private posts, and in the case where legacy caching is enabled for known users the login cookie was stored in “.meta” files that could be downloaded.

Files named “index.html” were added to the main cache directories to stop remote users viewing the contents of the cache directories. Unfortunately it’s not possible to add empty index.html files to the supercache directories because those files could be served by accident to legitimate visitors of the site. However, the plugin will also add a directive that disables directory listings to the file cache/.htaccess. You can now also change the location of the cache directory on the Advanced Settings page of the plugin. If you can’t disable directory indexing on your server and you have private posts you should change this location and use PHP mode to serve cache files.

cache-location

If a directory index is found in the cache directory it will show a warning like this to administrators:

Clicking the logout link will log everyone out, except the user who clicks it, but it guarantees that the login cookies are updated, just in case someone has copied the cookie from an old meta file.

Directory Traversal and File Deletion

User input in the settings page wasn’t properly sanitised. The code that sanitised directory paths when deleting cache files wasn’t secure and might allow an attacker to view or delete files named index.html. Deletes are protected by a nonce, limiting the useful lifetime of the URL however.

PHP Object Injection

The plugin used serialize and unserialize to store data in “legacy cache” meta files. This might be used to perform a PHP object injection attack. Serialised data is now stored as JSON data.

The format of legacy cached files has changed. The files in the meta directory no longer have a .meta extension. They are .php files now and each file has a “die()” command to stop anyone loading them.
The data stored in those files is now stored as JSON serialised data. The login cookie is an MD5 hash now as well.
When you upgrade the plugin your existing legacy cache files will be deleted and regenerated as visitors use your site.

Apart from those security fixes there have been a number of enhancements and bugfixes:

Disabling the plugin no longer deletes the configuration file. Uninstalling will do that however.
Enhancement: Only preload public post types. Props webaware.
It’s now possible to deactivate the plugin without visiting the settings page.
Fixed the cache rebuild system. Rebuild files were deleted immediately but now survive up to 10 seconds longer than the request that generate them.
Minor optimisations: prune_super_cache() exits immediately if the file doesn’t exist.
The output of wp_cache_get_cookies_values() is now cached per visit.
Added PHP pid to the debug log to aid debugging.
Various small bug fixes.
Fixed reset of expiry time and GC settings when updating advanced settings.
Removed CacheMeta class to avoid APC errors. It’s not used any more.
Fixed reset of advanced settings when using “easy” settings page.

This release wouldn’t be possible without the help of Brandon Kraft, Dane Odekirk, Ben Bidner, Jouko Pynnönen and Scrutinizer. Thank you all!

Discworld Reading Order

Via this Reddit post.

Donncha on Star trekkin' across the universeSeptember 4, 2025
And in 2020 someone created a version of the song on the Commodore 64! Not great, TBH, but you'll recognise…
James on Fisher or hunter street photographer?September 4, 2025
… liked this!
Josu Lizarralde on 1986 Interview With John DeaconAugust 22, 2025
… reposted this!
Josu Lizarralde on 1986 Interview With John DeaconAugust 22, 2025
… liked this!
James on 1986 Interview With John DeaconAugust 22, 2025
… liked this!