splitbrain.org - electronic brain surgery since 2001

Weblog

Personas - Poor Man's Firefox Themes

After upgrading my Arch desktop, I suddenly had a brand new Firefox version installed. One of the new features in Firefox 3.6 is a thing called “Personas”.

After reading a bit I found it to be a *very* simple way to build your very own Firefox theme. All you need to create are two images. That's it.

Of course I had to try it. And what's better than tentacles? Right, tentacles in your browser!

Get the Tentacle Theme now and enjoy a browser matching the one and only website:

Tags:
personas,
firefox,
themes,
tentacles
Last updated: 2010/02/08 22:22 · Permalink · Comments

Avatar 3D

Okay, I'm probably one of the last people who went to see the Avatar movie. But I really had to try hard for this one.

First friends asked us to go with them, but at the last moment we found out they had tickets for the German version only. I didn't want to spoil the fun with German dubbing. Then I tried to preorder some tickets but that didn't work so we went to the cinema on good luck. Of course we had none and it was sold out. The next day we wanted to go, the movie wasn't scheduled. So we finally got tickets for Sunday night. Not ideal but I really wanted to see that movie.

And boy, am I glad I did!

This was exactly as I always thought cinema would be in the year 2010. The 3D simply blew me away.

You probably read a lot about the Avatar story elsewhere so I will not bore you about it. It's not exactly the most innovative story you've ever heard, but it isn't bad either. But the graphics of Avatar on the other hand are fantastic.

And that's not just because it is in 3D. It would still be a graphically overwhelming film in 2D. The creatures and plants of the alien world Pandora are so full of details. The animals' movements are extremely realistic. But the most fascinating thing was that I could no longer tell how something in the movie was created. I mean, I couldn't tell if something was classical matte painting, 3D animation, real cinematography or painted models. All these techniques fused together to create an amazing experience.

So if you haven't seen this movie yet - go see it. There will be a lot more 3D movies over the next years, but this one is the start of a new era of cinema and you really should not miss it!

Tags:
avatar,
3d,
cinema,
movies
Last updated: 2010/02/08 01:27 · Permalink · Comments (2+)

Snow

I don't like Winter or snow. But with several layers of clothing and the snow being white and powdery instead of gray and muddy I can appreciate its beauty.

Kaddi and I spent a long weekend in Braunlage (Harz) and enjoyed a marvelous “Winter Wonder World”.

It was wonderful, but I'm looking forward to Spring, now ;-).

Tags:
vacation,
photos,
snow,
winter
Last updated: 2010/02/01 21:45 · Permalink · Comments

Tentacle Pr0n

@tante asked for a logo for his new podcast named tentaclepr0n and this was just an opportunity for a ridiculous blog post title that was too good to pass ;-).

Here's the Inkscape SVG file: tentaclepr0n.svg – licensed under CC-BY-SA.

Tags:
tentaclepr0n,
logo,
svg
Last updated: 2010/01/27 00:05 · Permalink · Comments (1+)

DokuWiki Security

If you're running a DokuWiki, you probably already noticed that we had two security alerts in the last few days.

If not, check out the bug reports 1847 and 1853 immediately. 1847 is especially ugly and exploit code has been seen in the wild.

What happened? Well, basically I messed up. All bugs are in the new ACL Manager introduced in 2008-05-05. I will not go into details 1). In short, a combination of failing to sanitize a path and a spelling error was the cause of the graver error. Evaluating the affected code then led to finding another problem caused by a missing security measure against CSRF attacks.

I apologize, these were clearly my mistakes.

Now, can this happen again? Unfortunately, yes. These were not errors made because I didn't know better. On the contrary - I introduced Anti-CSRF functions in DokuWiki a while ago and I'm fully aware of the “don't trust user input”-mantra. It was simply human failure and nobody noticed it for more than a year.

In theory OpenSource software is more secure, because everybody can look at the code and quickly identify security flaws. And in fact that is probably how these flaws were detected. Unfortunately the number of eyeballs looking at the source code is still very low.

And this is probably even more true for my code. I do have a look at all code that is submitted to the DokuWiki project and thus will also look for possible security bugs. Unfortunately this is not true the other way round. There is no guarantee that someone reads what I checked into the revision control system, even though we have a daily changelog mail to the mailing list.

If you are a developer, please understand that even though I'm the project lead, I do make errors. I beg you to distrust my code. Have a look at everything I check in and tell me when I mess up.

DokuWiki is still very good code and generally secure. But if security flaws are found, we fix them. Usually in less than 24 hours. That's all we can do.

If you run DokuWiki be sure to keep the update check enabled and upgrade as soon as a fix is available.


PS: If this blog post works, more people will audit the DokuWiki source code. So don't be surprised if more security alerts pop up. I know it's annoying but it makes the software more secure eventually.

Tags:
dokuwiki,
security
1) you can find them by looking at the bug reports and available patches
Last updated: 2010/01/17 12:50 · Permalink · Comments (14+)

Older Posts are available in the Archive. Keep up to date with the RSS Feed.

Currently reading

Guido J. Braem
Charles Darwin: Eine Biografie
ISBN 3770547713
Penguin (Non-Classics)
The Sagas of Icelanders: Penguin Classics Deluxe Edition
ISBN 0141000031

Currently playing

Electronic Arts
Dragon Age: Origins
PLAYSTATION 3
Nintendo
The Legend of Zelda: Spirit Tracks
Nintendo DS

Battlefield 1943
DICE
Playstation 3 PSN
