favicon.cc has cool real-time previews and allows creating animated favicons.

Update: check the comments below for more online favicon editors/generators!

Yesterday I had a look at mod.email.php – the Email module of ExpressionEngine CMS.

It appears that it is very easy to use ExpressionEngine’s contact form (which uses Email module) to send emails to arbitrary addresses – simply put, send spam using someone’s EE.

And here’s why:

• recipients hidden field is passed to the client; it is encrypted, but with access to the mod.email.php code, it is a matter of several minutes to write your own email-encoding function which will produce a completely valid recipients field
• there’s also XID field, which seems to be unique for each page load

Spamming algorithm is clear, so I won’t elaborate. (I could have missed some session variables, though – didn’t check them.)

This information is valid as of ExpressionEngine 1.6.6, but nothing in the change-logs indicates that this mechanism was modified in the newer versions of EE.

Update: I’ve tested, and this vulnerability does exist. The simplest prevention measure is to enable Captcha for Contact Form.

I’ve notified the developers.

It was only today that I’ve noticed Microsoft Office Live in Available updates (using Microsoft update). Curiosity led me to find out that Office Live is a suite of online word processor, presentation editor, spreadsheet and note-taking software, limited to a 500 MiB diskspace – free, developed by Microsoft. Office Live appears to be built on top of SharePoint.

Main emphasis of their website is on collaboration and access from anywhere to your documents. Although Firefox (together with IE) is listed as a supported browser on XP/Vista/MacOS (Linux is not listed), there is a note that some Office Live features require ActiveX. So Office Live is not really a match for Google Docs in portability (quite expectedly).

An update installs some new menu commands into Office XP/2003/2007, which allow working with Office Live from within your local M$ software.

I wonder if there is already an OO extension which allows working with Google Docs – no more wondering, here it is (thanks Paolo!).

Unix SEX :{ look; gawk; find; sed; talk; grep; touch; finger; find; flex; unzip; head; tail; mount; workbone; fsck; yes; gasp; fsck; more; yes; yes; eject; umount; makeclean; zip; split; done; exit:xargs!!;)} (source: someone’s signature in the Debian mailing lists).

download Unix/Linux command reference by Jacob Peddicord/FOSSwire.com

Came across typealyzer, which allows to “determine” the blog author personality.

Mine is ESTJ – The Guardians:

The organizing and efficient type. They are especially attuned to setting goals and managing available resources to get the job done. Once they´ve made up their mind on something, it can be quite difficult to convince otherwise. They listen to hard facts and can have a hard time accepting new or innovative ways of doing things.

The Guardians are often happy working in highly structured work environments where everyone knows the rules of the job. They respect authority and are loyal team players.

Typealyzer currently supports only English and Swedish blogs.