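Archive for May, 2007
Goodbye, Mac mini
Posted by candyz on May 25, 2007
According to rumors, Apple is going to discontinue the Mac mini
No way. I was still waiting for a C2D version of the Mac mini to come out so I could buy one to use as a server… Orz
If the rumor is true, I'd better hurry and pick one up to keep as an antique…
Posted in Hardware | Comments Off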
Apple Security Update 2007-005
Posted by candyz on May 25, 2007
Security Update 2007-005
Alias Manager
CVE-ID: CVE-2007-0740
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Users may be misled into opening a substituted file
Description: In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting this issue.
BIND
CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service
Description: BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/
CoreGraphics
CVE-ID: CVE-2007-0750
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4.
crontabs
CVE-ID: CVE-2007-0751
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: The daily /tmp cleanup script may lead to a denial of service
Description: Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems.
fetchmail
CVE-ID: CVE-2007-1558
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: fetchmail password disclosure may be possible
Description: fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
file
CVE-ID: CVE-2007-1536
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of files that are passed to the file command.
iChat
CVE-ID: CVE-2007-2390
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.
mDNSResponder
CVE-ID: CVE-2007-2386
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue.
PPP
CVE-ID: CVE-2007-0752
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A local user may obtain system privileges
Description: An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue through validation of user privileges. This issue does not affect systems prior to Mac OS X v10.4. Credit to an anonymous researcher working with the iDefense VCP for reporting this issue.
ruby
CVE-ID: CVE-2006-5467, CVE-2006-6303
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Denial of service vulnerabilities in the Ruby CGI library
Description: Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches.
screen
CVE-ID: CVE-2006-4573
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Multiple denial of service vulnerabilities in GNU Screen
Description: The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html
texinfo
CVE-ID: CVE-2005-3011
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten
Description: A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files.
VPN
CVE-ID: CVE-2007-0753
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A local user may obtain system privileges
Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.
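The crontabs entry above (CVE-2007-0751) describes a cleanup that crossed into filesystems mounted under /tmp. The following is an added example, not Apple's script and not code from the original post: it applies the same rule as find's -xdev primary by comparing device numbers and refusing to enter a directory that sits on another device, and it only lists candidates rather than deleting them. The function names, the constructed directory tree and the simulated mount (a stubbed lstat) are assumptions for illustration.

```python
import os
import stat
import tempfile
import time
from types import SimpleNamespace

DAY = 86400  # seconds

def stale_files(root, max_age_days, now=None, lstat=os.lstat):
    """Return (stale, skipped): old regular files under root, and the
    directories not entered because they sit on a different device."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * DAY
    root_dev = lstat(root).st_dev
    stale, skipped, stack = [], [], [root]
    while stack:
        current = stack.pop()
        for name in os.listdir(current):
            path = os.path.join(current, name)
            st = lstat(path)  # lstat, so symlinks are never followed
            if stat.S_ISDIR(st.st_mode):
                if st.st_dev == root_dev:
                    stack.append(path)
                else:
                    skipped.append(path)  # mounted filesystem: stay out
            elif stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
                stale.append(path)
    return sorted(stale), sorted(skipped)

def demo():
    """Constructed tree: an old file, a fresh file and a simulated mount."""
    root = tempfile.mkdtemp(prefix="tmpclean-demo-")
    mount = os.path.join(root, "diskimage")  # stands in for a mounted volume
    os.mkdir(mount)
    old = time.time() - 10 * DAY
    for rel in ("old.tmp", "fresh.tmp", os.path.join("diskimage", "user-data")):
        path = os.path.join(root, rel)
        open(path, "w").close()
        if rel != "fresh.tmp":
            os.utime(path, (old, old))

    def fake_lstat(path):  # simulation only: another device for the "mount"
        st = os.lstat(path)
        dev = st.st_dev + 1 if path == mount else st.st_dev
        return SimpleNamespace(st_mode=st.st_mode, st_dev=dev, st_mtime=st.st_mtime)
    stale, skipped = stale_files(root, 3, lstat=fake_lstat)
    return ([os.path.relpath(p, root) for p in stale],
            [os.path.relpath(p, root) for p in skipped])
```

The ten-day-old file inside the simulated mount is never examined, which is the property the updated cleanup script needs.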
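Posted in Software | Comments Off
Google Buys FeedBurner
Posted by candyz on May 24, 2007
It's confirmed: Google has bought FeedBurner
Then again, I haven't used FeedBurner in a long time… XD
Posted in News | Comments Off
Pet Diary – Jiji Gets High
Posted by candyz on May 9, 2007
Catnip time…
Lio just eats it, Mimi watches from the side, and Jiji goes wild after eating it… XD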
Part 2
Part 3
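Posted in Pets | Comments Off
My Big Brain Academy for Wii scores made public (pics or it didn't happen)
Posted by candyz on May 6, 2007
My best so far: 1981g, 9-dan
Subject score: 2122g
18 platinum
41 gold
1 silver
Got them all…
The highest is 537g
All 8 registered players are at 8-dan or above, two of them at 9-dan
My Wii Number: 5506 2963 6411 5706 / candyz
Let's all compare scores…
The netizens always say: "Posting without pictures is a habit that must not be encouraged." "Come on, where are the pics?"
So, here are the pics as proof…
BTW:
If you can't read Japanese, dentalmao's blog has put together a reference table you can consult (thanks!)
Posted in Other | Comments Off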
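Belated thoughts: attending an experiential-learning energizer camp, and Big Brain Academy for Wii
Posted by candyz on May 4, 2007
At the end of last month I attended a team-consensus energizer camp that the company held for mid-level managers
It is an experiential learning course that uses group games to provoke ideas and reflection, and to learn from them
It was my first exposure to this kind of course; it felt fresh, and I got a lot out of it
Why belated thoughts? Actually I had already written down some key points and experiences myself, I just hadn't published them on the blog
Lately I've been playing nothing but Big Brain Academy for Wii
and suddenly I made a connection between the two
The games and the thinking in the two are actually very similar
Big Brain Academy really is a good game… :p
The theme I took away from the camp was: "Innovate, Integrate, Execute"
With limited resources, how do you break out of the box? How do you "innovate" and come up with a better way to reach the goal?
A negative number that nobody wants can, with a change of thinking, become the trump card everybody fights over; the key is how to integrate effectively
Execute thoroughly, don't give up, keep improving, mind quality at the same time, and above all stay alert to danger in times of ease
Rules are a resource, not a restriction; you have to understand the rules fully before you can break out of the box and innovate
Making a fast and correct judgment at the very start is also important, so you don't waste resources and work for nothing
When I play Big Brain Academy, take the number-sum mini-game for example

The target is 15 and you have 2, 3, 5, 7 and 8; the simplest idea is 7+8=15, so you just knock out 2, 3 and 5
But that takes three hits, 2+3+5=10; if you hit only 2+8 or 3+7, you still clear the round, but it takes just two hits
That way you're faster (two hits are always faster than three), and the score is higher too
Or take the quick-strike game in the Analysis category

It's about judging quickly and accurately; speed alone is useless, because a wrong choice still scores nothing
Or the one in the Perception category where you pick the one that differs from the other three

This one is about thinking outside the box: you have to watch many places at once, rather than fixating on one wrong spot to find the answer
In short, the mini-games in Big Brain Academy are very similar to the games I played in the course
Hence these thoughts… :p
BTW, a bit of self-promotion
My Wii Number: 5506 2963 6411 5706
Friends who play Big Brain Academy can add me to their friend list so we can share and exchange scores…
Current record:
11 platinum
47 gold
1 silver
1 bronze
Best: 7-dan, 1798g
Posted in Other | Comments Off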
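Creative Zen Stone: More "Out-of-the-Box Thinking" Still Needed
Posted by candyz on May 4, 2007

Saw "Creative Introduces Teeny Tiny Zen Stone" on Gizmodo
I often see that ooo has launched an iPod Killer, and xxx has launched yet another iPod Killer
But so far, have any of those so-called iPod Killers actually beaten the iPod?
Clearly: no
This reminds me of a key point: "out-of-the-box thinking"
Do those products "innovate"? No
They just follow in the iPod's footsteps and merely imitate its looks and so on
To this day it is still like that; they haven't stepped outside the box at all
What they miss is that besides its clean look and simple, easy-to-use features, the iPod's distinguishing trait is its user-friendly interface
and the support of the powerful iTunes Music Store behind it
Yet its competitors keep focusing on looks and features, without thinking about the other key success factors (or they know them but don't actually act on them)
That way they can't break out of the box, so of course it's hard to succeed
Another example that's very hot lately: the Wii
While everyone's attention was on audiovisual effects, blindly chasing better picture quality and imagery (the Xbox 360 and PS3 both support up to 1080p/i)
and, besides, game controls were getting more and more complex (pulling off a special move takes n button presses, and you have to memorize a pile of moves)
it seems everyone was boxed in by high definition
On picture quality the NGC was better than the PS2, yet the NGC still lost out
Nintendo's Wii took a different line of thinking: a new controller that looks like a remote control, emphasizing gameplay rather than chasing high picture quality
It stepped completely outside the old box, and successfully created the current Wii craze
Whatever it is, when you hit a bottleneck, sometimes you really need to stop and think calmly
How do you "innovate"? How do you step outside the box?
Perhaps there will be an unexpected payoff… :)
Posted in Hardware | Comments Off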
Flickr Uploadr for Mac OS X Updated
Posted by candyz on May 2, 2007
Flickr Uploadr for Mac OS X 10.3 or higher
Version 2.3 released 1 May 2007. This is an important upgrade which is a Universal Binary application, replacing the previous PPC version. This release has options to set your uploaded images based on content filters and also has some changes that make Uploadr start up faster than before.
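Uploading with the old version kept having problems; after a long, long wait, there's finally a new version…
Posted in Software | Comments Off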