

No luck! The zip code probably passes through some postprocessing and I’ll first try injecting some HTML into the zip code parameter. URL like the zipcode and the number of snow days. There are a lot! It looks like the page displays parts directly derived from the So we can probably give him some leeway here :)

The Bug

First, see if you can spot some likely candidates for a reflected XSS attack: Type of school, and the number of snow days this year. Popular web app for predicting the chance of a snow day, based on zip code, Owner through the site’s contact form and on Twitter, and have yet to

Note: This vulnerability is currently unfixed.

TL;DR: PHP’s type coercion and unescaped use of the page’s snowdays parameter allow injecting arbitrary HTML and JavaScript via a reflected XSS attack.

I predict that traffic to the Snow Day Calculator will be heavy. There's another big storm coming Saturday night into Sunday.

“I'm suing also a lot of swearing from those who feel their snow-day affections have been toyed with.
You have really been letting me down lately :( “
“What a cool app: I would have obsessed over this as a kid.”
never has it failed my sister and I in our high school years.”
is my most visited website this winter.”
I'll never question its magical abilities again.”
SLUSH DAY!!! I guess the Snow Day Calculator was right.

On Twitter, views of the Snow Day Calculator are mixed, and, as you might expect, appear to be swayed mightily by whether school is cancelled or not.

However, the calculator will also report the highest prediction it gave for that day and in most cases it is correct to rely on that value as the correct prediction. The Snow Day Calculator only looks at the weather forward so as the storm passes the prediction necessarily goes down because it does not save what happened in the past. When you checked the prediction, did it say that it had decreased? So do you consider that a correct prediction, since "but possible?" (I was telling my kids I thought the chances were much higher, but I had the benefit of having been outside.)

(Monday) night when I checked SDC for my town, it told us 35% - or "little to no chance, but possible," according to your criteria. I don't actually get as much pressure to get the predictions right at MIT as I did back in high school and middle school. How are you doing recently in that regard? Been perfect so far for MIT. Given that you're attending MIT, I would imagine that there is extra pressure to get your calls right in Cambridge. the predictions, especially for the Boston area have been pretty accurate this winter. More people from a wider area checking the site gives more chances to be wrong but at the same time more traffic means a bigger storm that is easier to predict the outcome. Is accuracy more difficult or easier under this type of snowy siege? That not making outbound connections to as frequently and static object CDN helps the core prediction servers stay up. Additionally, any static objects (images, css, js) are served from a CDN so as to not hit the core servers with many concurrent requests with each page load. To deal with load, there is intelligent weather data caching for at most 20mins. Traffic has been the highest it has been all of this winter and one day was almost double my previous daily max. Could you tell us a little bit about the technology behind SDC? From a tech perspective, I have a LAMP stack that is set up to pull data from and my databases to make the most accurate and up to date predictions possible. What has traffic to SDC been like these past few exceptionally snowy weeks?
