The Bloj

Fine, it’s a security hole. Get over it

Posted on January 31st, 2006 by Tim.
Categories: General/Misc..

WordPress 2.0 has a security hole that lets any user in the system post as any other user. This is obviously a security hole, and Liuigi obviously gets a kick out of posting as me. Congrats to Liugi the penetration tester.

In other news, I just realized a subtle reason why I don’t like Solaris. It lacks accessibility. Try to get a blind individual to use Windows with the accessibility tools. It’ll be a pain in the neck, but with screen readers and nearly universal keyboard accessibility in Windows, it’s possible. Now try the same thing in Solaris. For one thing, I’m currently writing from a Solaris SunRay, which I believe is a thin client system that runs X sessions from a central server. When logging on, the SunRay gives you the option of what server to log on to. No matter how hard I tried, I could not log on with just the keyboard. Nor can I do anything non-trivial using the keyboard alone. The menu at the top of this Firefox window have the first letters underlined, telling me they should be accessible from the keyboard, yet no matter what combinations/sequences of keys I press, I cannot activate those menus. Alt+F, Alt then F, Diamond thingy + F, Alt + Diamond + F… neti, neti. On top of this, there’s no equivalent of a screen reader for log in (such as is available in Windows). While it seems as if screen readers are available for X, it seems difficult to configure for the novice unix user (such as myself).

Maybe this is a bit of a trivial point to quibble over. Unix/Solaris is not intended as a desktop operating system. The only places I’ve seen that use Solaris on desktop computers are the people who work at Sun and the CSE department at Penn State. I do have to wonder, however, what the implications are for having desktops in a corporate/academic setting without accessibility support.

~Tim

1 comment.