Onism: how much of the world have you seen?

onism – n. the frustration of being stuck in just one body, that inhabits only one place at a time, which is like standing in front of the departures screen at an airport, flickering over with strange place names like other people’s passwords, each representing one more thing you’ll never get to see before you die – and all because, as the arrow on the map helpfully points out, you are here.

Ironically, due to our connected world, we’re all the more aware of the blank spots in our maps.

WP Super Cache 1.4.5

WP Super Cache is a fast caching plugin for WordPress. It will help your site run faster and serve more traffic.

This is a security and bugfix release.

  • Some servers display a directory index when no index.html is found in a directory. That may reveal the filenames of cache files.
  • There were issues in the settings page that might allow an attacker to browse or delete files named index.html.
  • PHP Object Injection could occur if an attacker managed to inject malicious code into the legacy cache meta files.

When you upgrade, your “legacy cache” files for logged in users will be deleted. This may have an impact on your site:

  • If your site is slow at generating new pages.
  • If you have many known users (logged in users or people who comment).

Your site will suddenly have to generate new cache files for all visiting known users.

Relying on caching like this is not recommended for these types of users as it’s very inefficient. Each user has a separate cache file that must be checked whenever the plugin does administration work like cleaning up stale cache files.

If most of your traffic is anonymous users who don’t comment you don’t need to worry about this.

Directory Listings

If a server is configured to show directory listings it will show files and directories in the cache directory to visitors who access those directories directly through their browser. This might reveal private posts, and in the case where legacy caching is enabled for known users the login cookie was stored in “.meta” files that could be downloaded.


Files named “index.html” were added to the main cache directories to stop remote users viewing the contents of the cache directories. Unfortunately it’s not possible to add empty index.html files to the supercache directories because those files could be served by accident to legitimate visitors of the site. However, the plugin will also add a directive that disables directory listings to the file cache/.htaccess. You can now also change the location of the cache directory on the Advanced Settings page of the plugin. If you can’t disable directory indexing on your server and you have private posts you should change this location and use PHP mode to serve cache files.


If a directory index is found in the cache directory it will show a warning like this to administrators:

index.html warnings

Clicking the logout link will log everyone out, except the user who clicks it, but it guarantees that the login cookies are updated, just in case someone has copied the cookie from an old meta file.

Directory Traversal and File Deletion

User input in the settings page wasn’t properly sanitised. The code that sanitised directory paths when deleting cache files wasn’t secure and might allow an attacker to view or delete files named index.html. However, deletes are protected by a nonce, which limits the useful lifetime of the URL.
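An added example, not the plugin's own code: a generic weak path sanitiser next to a check that resolves the path and requires it to stay under the cache root before a file is read or deleted. The function names, the weak pattern and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added illustration, not WP Super Cache code. All names and paths are hypothetical.

// Weak pattern: one non-recursive strip of "../" can be re-formed by nested input.
function weak_clean(string $path): string {
    return str_replace('../', '', $path);
}

// Stronger pattern: resolve the path, then require it to sit under the cache root.
function resolve_inside(string $root, string $relative): ?string {
    $root = realpath($root);
    if ($root === false) {
        return null;                        // cache root does not exist
    }
    $full = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($full === false) {
        return null;                        // target does not exist
    }
    // The trailing separator stops a sibling such as "cache-old" matching "cache".
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed layout: one index.html inside the cache, one outside it.
$base  = sys_get_temp_dir() . '/wpsc-demo-' . getmypid();
$cache = $base . '/cache';
mkdir($cache . '/supercache', 0700, true);
file_put_contents($base . '/index.html', 'site file');
file_put_contents($cache . '/supercache/index.html', 'cached page');

// Constructed inputs: a legitimate path, a nested sequence, a plain sequence.
foreach (['supercache/index.html', '....//index.html', '../index.html'] as $input) {
    $weak = realpath($cache . '/' . weak_clean($input)) ?: 'missing';
    $safe = resolve_inside($cache, $input) ?? 'rejected';
    printf("%-24s weak=%s\n%24s safe=%s\n", $input, $weak, '', $safe);
}

// Clean up the demo tree.
unlink($cache . '/supercache/index.html');
unlink($base . '/index.html');
rmdir($cache . '/supercache');
rmdir($cache);
rmdir($base);
```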

PHP Object Injection

The plugin used serialize and unserialize to store data in “legacy cache” meta files. This might be used to perform a PHP object injection attack. Serialised data is now stored as JSON data.

The format of legacy cached files has changed. The files in the meta directory no longer have a .meta extension. They are .php files now and each file has a “die()” command to stop anyone loading them.
The data stored in those files is now stored as JSON serialised data. The login cookie is an MD5 hash now as well.
When you upgrade the plugin your existing legacy cache files will be deleted and regenerated as visitors use your site.
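An added example, not the plugin's own code, showing why the move from unserialize to JSON matters: the same tampered bytes construct an object under unserialize() but are rejected by a reader that expects a guard line followed by JSON. The class, the function names, the guard string and the meta fields are assumptions; the plugin's real file layout may differ.

```php
<?php
// Added illustration, not WP Super Cache code. All names here are hypothetical.

// Stand-in for any loaded class with a magic method (a "gadget").
class TempFile {
    public $path = '';
    public static $log = [];
    public function __destruct() {
        // A real gadget might unlink($this->path); this one only records the call.
        self::$log[] = "destructor ran for {$this->path}";
    }
}

const GUARD = '<?php die(); ?>'; // assumed guard line; the plugin's exact text may differ

// New-style writer: guard line first, then JSON.
function write_meta(string $file, array $meta): void {
    file_put_contents($file, GUARD . "\n" . json_encode($meta), LOCK_EX);
}

// New-style reader: require the guard, decode to plain arrays, validate the shape.
function read_meta(string $file): ?array {
    $raw = file_get_contents($file);
    if ($raw === false || strncmp($raw, GUARD, strlen(GUARD)) !== 0) {
        return null;
    }
    $meta = json_decode(substr($raw, strlen(GUARD)), true);
    if (!is_array($meta) || !isset($meta['uri']) || !is_string($meta['uri'])) {
        return null;
    }
    return $meta;
}

// Constructed input: what a tampered old-style meta file could contain.
$tampered = 'O:8:"TempFile":1:{s:4:"path";s:10:"index.html";}';

// Old behaviour: unserialize() builds the object and its destructor runs on release.
$obj = unserialize($tampered);
unset($obj);
echo 'after unserialize: ', json_encode(TempFile::$log), "\n";

// New behaviour: the same bytes are not valid JSON, so no object is ever created.
$file = tempnam(sys_get_temp_dir(), 'meta');
file_put_contents($file, GUARD . "\n" . $tampered);
echo 'tampered file: ', var_export(read_meta($file), true), "\n";
write_meta($file, ['uri' => '/hello-world/', 'headers' => []]);
echo 'valid file: ', json_encode(read_meta($file)), "\n";
unlink($file);
```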

Apart from those security fixes there have been a number of enhancements and bugfixes:

  • Disabling the plugin no longer deletes the configuration file. Uninstalling will do that however.
  • Enhancement: Only preload public post types. Props webaware.
  • It’s now possible to deactivate the plugin without visiting the settings page.
  • Fixed the cache rebuild system. Rebuild files were deleted immediately but now survive up to 10 seconds longer than the request that generated them.
  • Minor optimisations: prune_super_cache() exits immediately if the file doesn’t exist.
  • The output of wp_cache_get_cookies_values() is now cached per visit.
  • Added PHP pid to the debug log to aid debugging.
  • Various small bug fixes.
  • Fixed reset of expiry time and GC settings when updating advanced settings.
  • Removed CacheMeta class to avoid APC errors. It’s not used any more.
  • Fixed reset of advanced settings when using “easy” settings page.

This release wouldn’t be possible without the help of Brandon Kraft, Dane Odekirk, Ben Bidner, Jouko Pynnönen and Scrutinizer. Thank you all!

Sky obviously never check their customer surveys

Someone used my gmail address when they signed up for Sky Television. They must have lots of spare time and money to burn as they’re getting the “Variety with Sports & Movies” package at 83 Euro a month. Yikes.

I filled in the Sky customer survey a few times but they appear to have been ignored. One more time then.

Their emails aren’t really helpful, but Gmail does somehow know how to unsubscribe from Sky emails. I’ve sent Sky a reply telling them they have the wrong email for this account. Updates in the comments if I hear back from them!

You received this because you enquired about subscribing or subscribe to Sky. If you have received this email in error, please accept our apologies.

Sky Survey

Sky Survey Results

Why the hell is sitting so bad for us?

The numbers are scary. Sitting really seems to be bad if the observational studies and meta analysis studies are to be believed. Sitting for lengthy periods of time contributes to all sorts of nasty diseases like cancers and heart disease. It’s a wonder I’ve reached this age at all!

It doesn’t matter how much you exercise, it has no effect on how bad sitting is for you. You’re better off getting up and walking around for 2 minutes every half hour or hour than doing that intensive hour of walking in the morning. (damn)

And the findings were sobering: Every single hour of television watched after the age of 25 reduces the viewer’s life expectancy by 21.8 minutes.

By comparison, smoking a single cigarette reduces life expectancy by about 11 minutes, the authors said.

Looking more broadly, they concluded that an adult who spends an average of six hours a day watching TV over the course of a lifetime can expect to live 4.8 years fewer than a person who does not watch TV.

Get Up. Get Out. Don’t Sit.

I’m just glad I have a standing desk but I need to use it more often in its elevated position.

Varidesk Pro Plus

I have no idea why sitting is bad for you. The video above suggests a few reasons but it’s all speculation.

Via this Reddit thread.

Steak, cream and fat are healthy for you!

Years ago I remembered watching a Woody Allen movie where scientists in the future laughed at our views on eating a diet rich in fat and greasy food. Apparently that movie is “Sleeper” but I don’t remember the rest of it!

‘Course since then the advice about fat has changed somewhat and sugar is now the big bad food stuff we should avoid but I think everything in moderation is probably the best for most people.

Yes, this video is a camera recording a Youtube video on a computer monitor and uploaded to Youtube again. Odd.

Good vibrations: looking for geopathic stress

I’ve become a rather sceptical person of late. Any mention of cancer cures, or advice from someone who thinks they can cure the common cold will unfortunately cause me to raise my eyes to heaven.

A Guardian article on geopathic stress reminded me that this form of quackery was one of the first to come to my attention. It was back in 2003. At first I was dubious but I asked, “does anyone know anything about this?”

Unfortunately the comments descended into farce with Joe, the guy who told me about geopathic stress, spamming the post with fake comments all from the same IP range. I don’t like to see businesses go broke and end, but for quacks I’ll make an exception. His website isn’t to be found any more.

Thanks Cork Skeptics for sharing the Guardian article! I’m part of Cork Skeptics, so if you’re on Facebook like our page and watch out for events. There’s also the blog you can follow, and it’s on WordPress.com too. :)

Solving the mysterious light in Blarney

Back in 2013 local school children created a “flash mob” and danced in the village square in Blarney. Local photographer Pat Falvey was on hand to capture the scene on video.

Near the start of the video he noticed a flash of light coming from a woman on the right of the frame. You might have to watch the start of it a few times as it flashes by in about 1.5 seconds. Intrigued, I took a closer look.

Using this site I watched the video frame by frame. You can see an object appear on the right:


In the next frame it’s after moving over a little bit.


And again, it has moved.


Using my advanced photography skills I cropped the location of the object to isolate it and zoom in:


I thought I could see something there now but it needed further enhancement …


OH WOW! I couldn’t believe it! I thought it was just a leaf but Blarney had been visited by the Starship Enterprise and nobody had even noticed! I was there that day and it had completely escaped my notice!

It was a seed actually. It was one of those seeds with wings. We used to call them helicopter seeds but they’re the seeds of the Maple tree apparently. You can see the seed flutter to the ground after a few frames.

Stephanie Shirley: Software Pioneer

I’d never heard of Stephanie Shirley until I heard this BBC interview with her. As a five year old she escaped the Nazis in Germany, escaping to Britain in a Kindertransport. She founded a software company in 1962 that only hired women. It allowed employees to work from home, a practice that is much more common now than it was then. At the time women were not always welcome in the workplace, especially after they married or had kids, so this was an exceptional change. Ironically, equality legislation years later forced them to hire men!

In her personal life, her son Giles was autistic. Caring for him caused her to have a nervous breakdown as she tried to run her business too but she has poured huge sums of money into autism research and in her retirement has given away most of her £150m wealth.

To help Giles and others like him, she first established the Kingwood Trust to support young adults with autism, and more recently started the Prior’s Court School in Berkshire. “It is actually the biggest single project,” she says. “It took five years of my life. That’s the one I dreamed about.” It aims to help autistic children into mainstream education or some form of employment by using innovative techniques in art, music and sport.

The Shirley Foundation has spent or allocated around £50m in recent years – putting it among Britain’s top grant-giving foundations – with 70% going to autism-related work, from the first online conference on autism to yet another start-up, the Welsh support network Autism Cymru.

She also spoke at TED, where she talked about her life.

If you want to hear about a remarkable woman, listen to this podcast and watch her on the TED stage.