Waxy.org

Evil RSS Feeds

Posted February 28, 2003 by Andy Baio

Some RSS readers are vulnerable to security exploits and other annoyances embedded in RSS/XML feeds. This morning, Phil showed me a proof-of-concept sample for Newsgator, the Outlook-based RSS reader, triggered by VBScript code in an RSS feed that e-mails a random person in your Outlook address book.

Other readers may not be vulnerable to Outlook-style hacks, but they can still be screwed up by JavaScript. Try subscribing to this RSS feed I created with your reader of choice. Syndirella displays the popup window and crashes on the JavaScript alerts. How about other readers?

Just to be clear, I’m not saying this is a serious issue. Users only subscribe to trusted RSS feeds, and feed providers are extremely unlikely to put malicious code in their feeds. It’s just interesting that it works.

9 Comments
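
The behaviour described in this post comes from readers rendering item descriptions as live HTML. As an added example (not code from the original post or from any reader named in it), here is an allowlist sanitizer a feed reader could run over each description before display. The tag allowlist, the function names and the sample feed are assumptions made for illustration; the standard-library XML parser is used for brevity, and a hardened XML parser is preferable for hostile feeds.

```python
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "ul", "ol", "li", "blockquote"}
SAFE_SCHEMES = ("http://", "https://")   # only attribute kept is <a href> with these
DROP_CONTENT = {"script", "style"}       # drop the element and the text inside it

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            kept = "".join(
                f' href="{escape(v)}"' for k, v in attrs
                if tag == "a" and k == "href" and v
                and v.strip().lower().startswith(SAFE_SCHEMES))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped, never passed raw

def sanitize(fragment):
    s = Sanitizer()
    s.feed(fragment)
    s.close()
    return "".join(s.out)

def safe_items(rss_xml):
    root = ET.fromstring(rss_xml)
    return [(i.findtext("title", ""), sanitize(i.findtext("description", "")))
            for i in root.iter("item")]

# Constructed sample feed: the description carries escaped HTML with active content.
SAMPLE = ('<rss version="2.0"><channel><item><title>Hello</title><description>'
          '&lt;p onmouseover="alert(1)"&gt;Hi &lt;script&gt;alert(2)&lt;/script&gt;'
          '&lt;a href="javascript:alert(3)"&gt;x&lt;/a&gt; &lt;a href="https://example.org/"&gt;ok&lt;/a&gt;'
          '&lt;/p&gt;</description></item></channel></rss>')
```

Event-handler attributes and non-HTTP link schemes are dropped because nothing outside the allowlist is ever re-emitted, which is safer than trying to enumerate dangerous constructs.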

Mat Honan Is A Badass

Posted February 24, 2003 by Andy Baio

My friend Mat Honan and his wife Harper have been backpacking across Southeast Asia for the past five months. While staying in Laos, the country sandwiched between Cambodia and Vietnam, they contracted the dengue virus, or “break-bone fever.” His weblog entry is a gripping survival story.

I stayed home sick from work today with a head cold and sore throat; now I feel like a big sissy.

2 Comments

Crazy Baby Zoe

Posted February 21, 2003 by Andy Baio

Congratulations to my good friend “Crazy Uncle Joe” Utsler on the birth of his new daughter, Zöe Alexis Utsler. Welcome to the world, kid!

1 Comment

Gift Upgrades

Posted February 21, 2003 by Andy Baio

I followed a link from Boing Boing this morning to this Tripod-hosted Disney website, but was instead prompted with an error: “The Tripod page you are trying to reach has exceeded its hourly bandwidth limit. The site will be available again in 1 hour!”

The site’s owner can then pay Tripod for bandwidth upgrades. But why can’t the end user volunteer to pay the upgrade fees, so they can get to the information they want? Similarly, readers of Blogspot-hosted weblogs can’t volunteer to “gift upgrade” their favorite websites to Blogspot Plus accounts; only the site’s owner can upgrade.

Is there a good reason for limiting their revenue like this? Is there some sort of privacy issue I’m not aware of? It seems like a huge oversight.

5 Comments

Early Access to Slashdot

Posted February 19, 2003 by Andy Baio

As discussed in Rob Malda’s journal, Slashdot is considering allowing early access to pending Slashdot stories for premium subscribers. But who cares about seeing one or two stories an hour, 10 minutes before they go live?

A much better idea would be to allow paid access to the massive Slashdot submission queue, a business model made popular by Fark and FuckedCompany. This would allow eager newshounds and journalists to access a real-time feed of unedited story ideas and breaking news items, updated hundreds of times an hour.

1 Comment