Mike Macgirvin
Diary and Other Rantings
   
Sunday, Sep 07 2008, 10:39 pm
Jun 27, 2006
Shifting wealth

The guy keeping Anna Nicole Smith from all that money just died. King Fahd died late last year. Now the world's second richest living man (Buffett) is giving all of his money to the world's richest man (Gates), who's going to give it all away.

There's a lot of money on the move. 

Jun 26, 2006
more domain name fun

I notice that the domain ck.it is still available. I think I've got enough domains, so I'll pass this one, but it's very tempting. Why would somebody want ck.it as a domain name? Because then you could create and perhaps sell/lease sub-domains with catchy names like cli, ha, su, fu, ro, etc.

Jun 24, 2006
XSS

I can write most any kind of software and usually do it pretty well. But there are times when it's better to let somebody else do the dirty work. In this case it's so-called Cross Site Scripting or XSS. For a community site such as this it's a nightmare - but one which refuses to go away.

In simple terms, it's JavaScript injection. If an attacker can get code onto a page, anybody who visits that page will execute it, and the attacker can exploit the fact that the visitor is running their code. These exploits can range from minor infractions to serious felonies, and you can stick the code most anywhere that you can type something and have it show on a web page.

I had several regexes set up to stop XSS and still allow HTML authoring, but it turns out that the browsers have too many holes to plug with a few regexes. The XSS hack which took down myspace.com was instigated by putting JavaScript code into a stylesheet and breaking up the word jav a sc r ipt. Internet Explorer gladly packed it back together and ran the code. IE will also execute the same code written in hexadecimal. You can't keep writing regexes to stop all this stuff. Regexes aren't the correct tool for the job (they are part of the solution, but not the total solution). At some point it requires an HTML parser to take the 'bad' HTML one character at a time, and rebuild it into good HTML.

There are four possible solutions: 

  1. Ignore the problem and hope it goes away. It won't.
  2. Do away with HTML authoring completely and either force everybody to learn another tag system or just force everybody to use plain text.
  3. Write an HTML language parser to rebuild the code based on every historical variation of HTML which might be encountered. 
  4. Let somebody else write this parser.

I hate writing parsers, and in this case the task is to write a parser which duplicates the code flow of the most horrifically buggy web browsers. 

So I went with number 4...

 

PS> I found one developer website which seriously recommends using 'strip_tags' in PHP to make your site safe from XSS attacks. It won't, because strip_tags doesn't recurse. One can embed tags within tags and blow right through it. They should be shot. If you'd like to have a look at the number of ways that hackers can blow through your security, visit http://ha.ckers.org/xss.html
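
The regex-versus-parser point above, as an added example (not this site's code; the allowlist policy, function names and sample inputs are assumptions made for illustration). It puts a single-pass blacklist regex next to a rebuilder based on Python's `html.parser` that re-emits only allowlisted tags and attributes:

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: small tag allowlist, href only on <a>.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
# Constructed inputs: entity-encoded scheme, keyword split in CSS, nested tag.
SAMPLES = ['<a href="jav&#x61;script:void(0)">x</a>',
           "<div style=\"background:url('java\nscript:void(0)')\">hi</div>",
           "<scr<script>ipt>x()</scr</script>ipt>"]

def naive_filter(html):
    """Blacklist: one regex pass deleting 'javascript' and <script> tags."""
    return re.sub(r"(?i)javascript|</?script[^>]*>", "", html)

class Rebuilder(HTMLParser):
    """Re-emits only allowlisted markup; all text is escaped on the way out."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                # Parser already decoded entities (&#x61;); drop whitespace/control bytes.
                url = re.sub(r"[\x00-\x20]", "", value or "")
                if name in ALLOWED_ATTRS.get(tag, ()) and url.lower().startswith(SAFE_SCHEMES):
                    kept += f' {name}="{escape(url, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html):
    parser = Rebuilder()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

The blacklist leaves the first two samples untouched and turns the third into a working `<script>` element, while the rebuilder never emits markup outside its allowlist. It does not balance tags, which a production sanitizer would also do.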

Jun 22, 2006
The top 25 nouns

According to the Concise Oxford English Dictionary - the list of top 25 nouns:

time, person, year, way, day, thing, man, world, life, hand, part, child, eye, woman, place, work, week, case, point, government, company, number, group, problem, fact.

Comments:

mike (Mike Macgirvin)
June 22, 2006 20:47
mike
It's amusing to plug this list into a search engine and see what pops up. I did so on wikipedia and the top hit was for 'divorce'. OK so it's lame. I'm still convinced that there's got to be something useful and interesting one can do with this info - I just haven't discovered it yet.

Jun 21, 2006
Your hard earned tax dollars at work
New Scientist magazine reported in May that the Pentagon's cutting-edge research agency, DARPA, was considering a human-launching device that works like a cannon, to blast special-forces troops (and maybe firefighters and police officers) at just the right trajectory so that they land on hard-to-reach locations, such as rooftops.

Other recent Pentagon projects involve chemical agents which reportedly would make enemy soldiers irresistibly physically attractive to each other - which I'm assuming would take the form of an aerosol cloud of highly concentrated Viagra/Cialis to give them the desire together with a pheromone additive in order to affect their orientation. Presumably the ensuing confusion would affect their morale and make them less willing to fight.

...Make love, not war.

Jun 21, 2006
Upgrade

Seems like everybody is upgrading right now. First off is netscape.com - you can see the new version currently at beta.netscape.com. What's notable is article voting and avatars. Gee, where have I seen those before? One big issue I've found is that when you load an article from the original article site, it's displayed with a sidebar - and the sidebar messes up the formatting of the original page in a big way. Oh well, it's on somebody's bug list. Not mine. 

Then I see a newsflash that the Opera web browser is still alive - and just released version 9. I had a look - and by golly, it's a real web browser, unlike some of the older Opera incarnations. It does most of the stuff that IE and Firefox do, and in some cases a little bit more. Sigh - what it means for web developers is that they'll have to test with yet another browser to make sure everything works. On the bright side, it looks like my websites render just fine. I haven't yet verified that my AJAX stuff works on Opera - that's where things are most likely to get sticky.

I also notice that they do transparent PNG's - which means I can enable image drop shadows on Opera, but I'm in a quandary there. The load time for the drop shadow images is starting to bug me. Barksdale Rule #2 is "don't play with dead snakes" and this one is long deceased, but playing with it isn't what I had in mind. I'm thinking it needs killing all over again. 

While I'm looking at web browsers, I decide to have a look at the (yawn) documentation for Internet Explorer 7. An integrated search bar, tabs, RSS feeds. Put me to sleep already! But I have to laugh at the section entitled 'Security'...

Peace of Mind
And while you browse the web, Internet Explorer 7 automatically monitors your computer to protect you from unwanted and malicious programs that can be installed on your system as a result of surfing the web.

Uhm, pardon me... but...

Why can unwanted and malicious programs be installed on my computer as a result of surfing the web? Instead of protecting me from these evil programs that have been installed on my computer, why not fix the bugs that allow this to happen?

Jun 16, 2006
Amusing...

The top CNN Business headlines today:

• Goodbye, Mr. Gates
• Party on Wall Street

I agree - let's celebrate...


 

 

Jun 13, 2006
Men think about sex?

--- 

When a man and woman meet for the first time, men may be more likely to think about sex -- or at least more likely to admit it.

That's the core finding of a study in June's issue of Psychology of Women Quarterly.

The researchers included Maurice Levesque, PhD. He worked on the study while at the University of Connecticut and now works in the psychology department of North Carolina's Elon University.

---

There are two interesting things about this article:

First that Dr. Levesque apparently talked somebody into funding this research. 

[You know what they say about a fool and his money...] 

The second is that there is a magazine called Psychology of Women Quarterly.

[It's about bloody time...]

Jun 10, 2006
The Chicks

The Dixie Chicks are learning some hard lessons about marketing.  The current tour isn't selling many tickets. Their target market was the country music scene until those unfortunate political quotes a few years back. Country music isn't very political. Actually it is, but not in ways you think. Country music is very republican, and extremely patriotic. If you want to dis the president, you need to be in a different market - for instance the pop or rock-n-roll markets; which were born of rebellion. There, you can criticize most anybody or anything and get away with it.

They've actually got the right idea - they are more or less abandoning country radio - which won't play them anyhow, and trying to re-invent themselves as pop stars. But now their name is a liability. 'Dixie' isn't a very good rock-n-roll name. It still reeks of country. So the best way forward is to drop the twang, learn how to dance à la Madonna and Britney, and just become the Chicks.

They might just stand a chance. 

Comments:

June 9, 2006 20:22
[*TOP MEMBER*] Jim Thompson
Just like when Jason and the Nashville Scorchers became just Jason and the Scorchers. Everybody remembers _that_. Right?

Cheryl (Cheryl)
June 9, 2006 20:43
Cheryl
Mike,

The political statements don't matter. A friend of mine bought the latest CD and doesn't like the music, and I don't either.


mike (Mike Macgirvin)
June 9, 2006 22:50
mike
I just had a listen on Amazon... and I have to agree.

Jun 09, 2006
Ring, ring...

Ring, ring... 

Hello?

You need what? A gold picture frame? Four feet by three feet? And you need it when?

Do you have any idea what time it is?

We open at ten.

Click.

 

Ring, ring...

zarqawi 

Jun 08, 2006
American values

CNN: President Bush stressed the need for immigrants to learn American values and culture if they are to become citizens, as he paid a visit Wednesday to this heartland state where the Hispanic population is on the rise.

America 101:

Buy the biggest vehicle you can find so that you can use more gasoline than anybody else.

Buy lots of fried and sugary foods and get really fat.

Come up with a novel fraud scheme to finance these activities.

Jun 07, 2006
So you wanna' be a rock-n-roll star?

I thought it would be cool to do some internet searches for various folks that I used to be in rock-n-roll bands with in the late 70's and early 80's. Where are they now? Did any of them stick with their musical careers? This provided some interesting results -

2 are in county lockups

1 in federal penitentiary

1 on death row

1 is a registered 'extremely dangerous sexual predator' 

4 are dead

 

Spooky... Oh, but there's a bright side - 

1 runs a small computer business in Costa Rica

Jun 06, 2006
Your daily SDR

bj 

Sex: Bush and friends try once again to define a 'marriage' in constitutional legalese. That means something a little more descriptive than two people who decide to hang out with each other. It also isn't good enough to say it's two people who sleep together. A man and a woman. Hmmm. This is the constitution, and we're still arguing over the right to bear arms because they didn't define a well-regulated militia very well. Ultimately this is going to require precise anatomical descriptions in order for there not to be any loopholes. The only problem is that the constitution is read and studied by school kids. It is going to be a very delicate balancing act. 

Drugs: Troops in Afghanistan are going where the action is. That means to the poppy fields. There's a fresh crop. And the U.S. intends to control the valleys. You won't find this in a public policy statement, but to do this, they need to win the hearts and minds of the opium farmers. And the only way to do this is to become better at opium distribution than the Taliban.

Rock-and-Roll: Bill Wyman is more than just a survivor of 40 some odd years with the Rolling Stones. He's also a photographer, and has just published a book of photos which he took while hanging out in hotel rooms. Speaking of the Stones, it has been confirmed that none other than his satanic majesty Keith Richards will be playing Johnny Depp's (aka Captain Jack Sparrow) father in the next installment of Pirates of the Caribbean. I have to hand it to the casting director - I think he's a good fit for the part. The only issue is whether or not he's got any acting talent.

Jun 06, 2006
Why do we have to nuke Iran?

It is particularly telling that the U.S. contingency plan for 'dealing with' Iran has but one military strategy - nuke 'em. It is the only military strategy being discussed. Bringing democracy to Iran isn't even on the table. 

Why? Because we took a fledgling democracy away from Iran in the early 1950's and installed a military dictatorship. Forcibly installing precisely the kind of government which we destroyed wouldn't go over well with the Iranian people. Forcibly installing any kind of government probably would not go over well with the Iranian people. The last time we did this, we brought them the Shah - who was arguably the most vilified human being on the planet until they finally were able to dump him in the late 1970's.

For those that are too young to have studied these events, it all came about because of a British oil conglomerate. They pumped the oil and shared the profits with the Iranian government (and people). Except this particular oil company was a bit corrupt (I'm shocked!). They cooked the books and weren't sharing all the money. So the government did what any government would do under the circumstances - they kicked out the corrupt thieves and took their oil back.

This didn't go over well in Washington D.C. You see, our oil companies were bigger than the British companies. What if all the oil-rich lands decided to nationalize all the corrupt oil companies? It wouldn't be good for business. It wouldn't be good for the continuous flow of cheap oil (gasoline was about 22 cents a gallon at the time). So at the urging of a handful of American business executives, the CIA covertly threw a few million dollars into a program to dump the government and take back the oil resources. We brought back the monarchy which had existed prior to WWII.

The Shah rapidly consolidated power and tortured or killed anybody who disagreed with him. In the 1960's the word 'Shah' was synonymous with 'torture'. This is why the Iranians don't particularly like the U.S.

It is therefore ironic that in the early 1970's the Shah nationalized the oil companies anyway. We grumbled a bit, but let him. He gave us long term contracts in exchange, and we really didn't want to mess with him, as he had created the largest military machine in the Middle East due to our continued financial support. It was also more important for us to maintain our CIA listening posts and airbases near the Soviet Union than it was to defend the oil conglomerates again. This turned out to be a reasonable decision as Iran was the only Arab country that sent us oil during the 1973 Arab oil embargo, which was to protest our backing of Israel in the Arab-Israeli war earlier that year. The Iranian people would've preferred to join the embargo, but they had no say in the matter. The Shah had absolute control.

All of this is why the Iranians would never allow a U.S. installed government to exist again. And it is why we have no other choice but to wipe the country off the face of the earth if current negotiations fail. 

What a mess we've created. 
