This file is indexed.

/usr/share/php/tests/Horde_Feed/Horde/Feed/fixtures/lexicon/http-www.hutteman.com-weblog-rss.xml is in php-horde-feed 2.0.1-4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<?xml version="1.0" encoding="iso-8859-1"?>
<rss version="2.0" 
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
    xmlns:admin="http://webns.net/mvcb/"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    
    xmlns:content="http://purl.org/rss/1.0/modules/content/">

  <channel>
    <title>Luke Hutteman's public virtual MemoryStream</title>
    <link>http://www.hutteman.com/weblog/</link>
    <description>Luke Hutteman on Java, .NET, J2EE, RSS and whatever else comes to mind...</description>
    <dc:language>en-us</dc:language>
    <dc:rights>Copyright 2008</dc:rights>
    <dc:date>2006-10-02T21:21:07-05:00</dc:date>
    <admin:generatorAgent rdf:resource="http://www.movabletype.org/?v=3.33" />
    <sy:updatePeriod>hourly</sy:updatePeriod>
    <sy:updateFrequency>1</sy:updateFrequency>
    <sy:updateBase>2000-01-01T12:00+00:00</sy:updateBase>
    <image>
      <title>public virtual MemoryStream</title>
      <url>http://www.hutteman.com/pvm.png</url>
      <link>http://www.hutteman.com/weblog/</link>
      <width>88</width>
      <height>31</height>
      <description>Luke Hutteman on Java, .NET, J2EE, RSS and whatever else comes to mind...</description>
    </image>
    

    <item>
      <title>Firefox vulnerability</title>
      <link>http://www.hutteman.com/weblog/2006/10/02-251.html</link>
      <description>A few weeks ago, Microsoft had its VML zero day exploit; this week, it's Firefox's turn. Obviously, as more people are switching from Internet Explorer to Firefox, hackers are doing the same. The thing that struck me about this particular problem was that the hackers gave no advance warning to Mozilla prior to their presentation, and The hackers claim they... (224 words)</description>
      <guid isPermaLink="false">251@http://www.hutteman.com/weblog/</guid>
      <content:encoded><![CDATA[<p>A few weeks ago, Microsoft had its <a href="http://www.microsoft.com/technet/security/advisory/925568.mspx">VML zero day exploit</a>; this week, it's <a href="http://news.zdnet.com/2100-1009_22-6121608.html">Firefox's turn</a>. 
</p><p>
Obviously, as more people are switching from Internet Explorer to Firefox, hackers are doing the same.
</p><p>
The thing that struck me about this particular problem was that the hackers gave no advance warning to Mozilla prior to their presentation, and 

<blockquote>
The hackers claim they know of about 30 unpatched Firefox flaws. They don't plan to disclose them, instead holding onto the bugs.
</blockquote>

why are they holding on to them? one of the hackers explains:

<blockquote>
what we're doing is really for the greater good of the Internet. We're setting up communication networks for black hats
</blockquote>

for the greater good of the Internet? yeah right. 
</p><p>
The scary thing is though that one of the hackers works for <a href="http://www.sixapart.com/">Six Apart</a>, the company behind popular blogging software like <a href="http://www.movabletype.com/">Movable Type</a>, <a href="http://www.livejournal.com/">Live Journal</a> and <a href="http://www.typepad.com/">Typepad</a>. 
</p><p>
Six Apart needs to do some major damage control, fire this guy immediately and review all code he may have had access to. It doesn't exactly ease my mind to know my weblog is running on code this guy may have had access to. Maybe it's time to move to <a href="http://wordpress.com/">WordPress</a>...
</p><p>
<b>UPDATE:</b> it looks like this may have just been <a href="http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/">a hoax</a>. Still not exactly good publicity for six apart though...
</p>]]></content:encoded>
              <category>Miscellaneous</category>
      
      <dc:date>2006-10-02T21:21:07-05:00</dc:date>
            <slash:comments>4</slash:comments>
      <comments>http://www.hutteman.com/weblog/2006/10/02-251.html#comments</comments>
      
    </item>
    <item>
      <title>SharpReader 0.9.7.0</title>
      <link>http://www.hutteman.com/weblog/2006/08/02-250.html</link>
      <description>SharpReader 0.9.7.0 is now available at sharpreader.net. Changes since the last version are: Run internal browser in restricted security zone in order to make IE responsible for blocking restricted content, instead of just doing so by parsing and stripping tags. Allow embedded CSS styles in item descriptions (was previously disabled because of javascript exploits that are now caught because of... (128 words)</description>
      <guid isPermaLink="false">250@http://www.hutteman.com/weblog/</guid>
      <content:encoded><![CDATA[<p>SharpReader 0.9.7.0 is now available at <a href="http://www.sharpreader.net">sharpreader.net</a>.
<p>Changes since the last version are:
<ul>
	<li>Run internal browser in restricted security zone in order to make IE responsible for blocking restricted content, instead of just doing so by parsing and stripping tags.</li>
	<li>Allow embedded CSS styles in item descriptions (was previously disabled because of javascript exploits that are now caught because of the security zone).</li>
	<li>Support both &lt;commentRSS&gt; as well as &lt;commentRss&gt; as there was some <a href="http://wellformedweb.org/news/wfw_namespace_elements/"> confusion</a> as to the proper capitalization of this element.</li>
	<li>Fixed linebreak handling for some feeds.</li>
	<li>Improved handling of relative urls in atom feeds (like <a href="http://www.intertwingly.net">Sam Ruby</a>'s feed for instance).</li>
	<li>Now displaying enclosure links at the bottom of the item description.</li>
	<li>Fixed installer to no longer complain if only .NET 2.0 is installed.</li>
</ul>
]]></content:encoded>
              <category>RSS</category>
              <category>SharpReader</category>
      
      <dc:date>2006-08-02T23:50:31-05:00</dc:date>
            <slash:comments>59</slash:comments>
      <comments>http://www.hutteman.com/weblog/2006/08/02-250.html#comments</comments>
      
    </item>
    <item>
      <title>Spammers using Google links</title>
      <link>http://www.hutteman.com/weblog/2006/05/05-249.html</link>
      <description>In my &quot;Spam Suspects&quot; email folder today, I noticed some spam which used Google as a redirection service, by linking to http://www.google.com/url?q=http://www.somespamsite.com. When trying this technique with some other site, I found that google responds to this query with a 302 redirect to the site in question. Clearly, the spammer was using this system to lure people who trust Google... (176 words)</description>
      <guid isPermaLink="false">249@http://www.hutteman.com/weblog/</guid>
      <content:encoded><![CDATA[<p>In my "Spam Suspects" email folder today, I noticed some spam which used Google as a redirection service, by linking to http://www.google.com/url?q=http://www.somespamsite.com. When trying this technique with <a href="http://www.google.com/url?q=http://www.microsoft.com">some other site</a>, I found that google responds to this query with a <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3">302</a> redirect to the site in question. Clearly, the spammer was using this system to lure people who trust Google into visiting their site.</p>

<p>What I don't understand is why Google needs a public redirect system like this that is so obviously open to abuse. The google.com/url?q=... page doesn't seem to accept anything but already fully specified urls, so the sole purpose of this page is to do redirects.</p>

<p>The only reason I can think of for them needing a service like this is if they serve up one in a thousand search-results pages with redirect links, in order to log what people actually click on. If this were the case though, why not at least check the referrer to see if the user actually came from a google.com page? Am I missing something here?</p>]]></content:encoded>
              <category>Miscellaneous</category>
      
      <dc:date>2006-05-05T21:13:41-05:00</dc:date>
            <slash:comments>16</slash:comments>
      <comments>http://www.hutteman.com/weblog/2006/05/05-249.html#comments</comments>
      
    </item>
    <item>
      <title>Support the fight against diabetes</title>
      <link>http://www.hutteman.com/weblog/2006/03/26-248.html</link>
      <description>Scott Hanselman and his wife will be joining the walk for diabetes on May 6 2006. They've set a goal of raising $10,000 for this event and could use your help in reaching that goal. I encourage all of you to go to Scott's blog to find out more about this worthy cause, or go directly to diabetes.org to make... (64 words)</description>
      <guid isPermaLink="false">248@http://www.hutteman.com/weblog/</guid>
      <content:encoded><![CDATA[<p>Scott Hanselman and his wife will be joining the walk for diabetes on May 6 2006. They've set a goal of raising $10,000 for this event and could use your help in reaching that goal. I encourage all of you to go to <a href="http://www.hanselman.com/blog/TeamHanselmanAndDiabetesWalk2006.aspx">Scott's blog</a> to find out more about this worthy cause, or go directly to <a href="http://walk.diabetes.org/site/TR?pg=personal&fr_id=3418&px=2784611">diabetes.org</a> to make your donation. Thank you.</p>]]></content:encoded>
              <category>Miscellaneous</category>
      
      <dc:date>2006-03-26T23:41:36-05:00</dc:date>
            <slash:comments>1</slash:comments>
      <comments>http://www.hutteman.com/weblog/2006/03/26-248.html#comments</comments>
      
    </item>
    <item>
      <title>Digg manipulation</title>
      <link>http://www.hutteman.com/weblog/2006/03/17-247.html</link>
      <description>Silicon Valley Sleuth reported this morning how several stories about Google buying Sun suspiciously made it to the front page of Digg.com. These &quot;baseless rumours&quot; were all submitted and promoted by a small group of Digg members that seemed to be working together. I found this story through Digg itself, where it was posted on the front page. It later... (381 words)</description>
      <guid isPermaLink="false">247@http://www.hutteman.com/weblog/</guid>
      <content:encoded><![CDATA[<p><a href="http://www.siliconvalleysleuth.com/2006/03/digg_is_used_fo.html">Silicon Valley Sleuth</a> reported this morning how several stories about Google buying Sun suspiciously made it to the front page of <a href="http://www.digg.com">Digg.com</a>. These "baseless rumours" were all submitted and promoted by a small group of Digg members that seemed to be working together.
</p><p>
I found this story through <a href="http://www.digg.com/technology/Digg_is_used_for_Sun_stock_manipulation">Digg itself</a>, where it was posted on the front page. It later mysteriously disappeared from Digg though, and a <a href="http://www.digg.com/search?search=http%3A%2F%2Fwww.siliconvalleysleuth.com%2F2006%2F03%2Fdigg_is_used_fo.html&submit=Search&area=all&type=both&age=60&search-buried=on">URL search</a> indicated that the story was since marked as "buried".
</p><p>
<a href="http://diggtheblog.blogspot.com/2006/02/small-update.html">The Digg Blog</a> says the following about this burying feature:
</p>
<blockquote>
Digg now allows logged in users to bury stories as 'inaccurate'. Once enough people bury the story, it is removed from the queue and the following banner is displayed at the top:<br><br>
<img src="http://photos1.blogger.com/blogger/4139/1647/400/warning.jpg"><br><br>
</blockquote>
<p>
No banner is displayed though, which makes me wonder if it was buried because enough people marked it as inaccurate (the same people who were promoting these Google+Sun stories maybe?) or whether an admin removed it in an effort to hide how easily Digg can be manipulated. There's currently an update on Silicon Valley Sleuth stating that it seems unlikely the Digg system was actually manipulated in this case, but this update wasn't there when the story was buried, and also doesn't make the theoretical possibility of this happening any less likely.
</p><p>
Due to the automated nature of Digg (which uses user-votes to determine how prominently to display a story) it certainly seems possible for a group of people to get together and promote stories in order to get them onto the coveted front page, while at the same time burying stories they don't like. Worse than that, what would stop someone from automating this process and creating a couple hundred accounts for this purpose? To reduce suspicion, these accounts could digg random stories from time to time, or even undigg stories once they've made it to the front page.
</p><p>
If this is not going on already, I predict it will soon. Compared to the trouble BlogSpammers are going through in order to game sites like Google, DayPop or Blogdex, gaming Digg seems relatively easy. While Digg claims to <a href="http://www.businessweek.com/the_thread/blogspotting/archives/2006/03/digg_argues_it.html">have ways to prevent manipulation</a>, one can't help but wonder whether it's enough, and I'm sure there are plenty of spammers out there just dying to beat the system...
</p>]]></content:encoded>
              <category>Blogging</category>
      
      <dc:date>2006-03-17T22:28:21-05:00</dc:date>
            <slash:comments>6</slash:comments>
      <comments>http://www.hutteman.com/weblog/2006/03/17-247.html#comments</comments>
      
    </item>


  </channel>
</rss>