Yesterday I reported two vulnerabilities in a large web proxy product, 15 minutes later I got a call from a guy in Texas. It was 10pm there. Now that's dedication. What your fastest response?

Here are some URL's that can be used to demonstrate the Adobe Acrobat XSS vulnerability to people, and hopefully get them to patch.

• Short - http://tinyurl.com/yjeeoc
• Long - /docs/pdf_check.pdf#blah=javascript:alert('Please go to http://www.adobe.com/products/acrobat/readstep2.html and update your copy of Acrobat reader, you are vulnerable to a rather serious exploit.');location.href='http://www.adobe.com/products/acrobat/readstep2.html'

As an interesting aside, it seems Google has added the following HTTP header to requests for PDFs from their servers:

Content-Disposition: attachment;

This forces PDFs to be opened outside of the browser. Nice work Google.

VMWare will run on an openMosix node, but instances cannot be migrated across nodes, nor will VMWare be aware of the other nodes. I mention this so that you do not waste your time, as I have, based on information in the openMosix wiki which states the exact opposite:

If you intend to run VMWare under openMosix so that openMosix would load-balance several instances of that (yes, that works).

Just to be clear, the above is untrue, as confirmed both by my testing and Moshe Bar's comments. Moshe being the founder of openMosix:

On Thu, 12 Jan 2006, Moshe Bar wrote:
I would think it's next to impossible to migrate vmware instances simply because of Vmware's architecture. Vmware scans the exucutable [sic] VM pages of the virtual machine ahead of execution and replaces call to ring 0 of the CPU with system calls and pointers to it's own software. I doubt if a Vmware machine would be able to run on the remote node after migration.