2010 May 24, 6:26"What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors," by Jon Howell and Stuart Schechter.
"We introduce the sensor-access widget, a graphical user interface element that resides within an application's display. The widget provides an animated representation of the personal data being
collected by its corresponding sensor, calling attention to the application's attempt to collect the data."
2010 May 10, 8:43Charles Stross on the intersection of ebooks and the publishing industry. Includes the answer to the misinformed question "why are you charging so much for access to the file your authors emailed
you?" Also includes this quote on Cory Doctorow "... Cory is a Special Snowflake with EFF superpowers and New York Times Bestseller mojo which make him immune to the normal laws of man and nature."charles-strosscory-doctorowebookdrmamazonpublishingkindleapplebook
2010 May 6, 7:25Another subset of javascript and DOM access to make a sandbox: "FBJS is Facebook's solution for developers who want to use JavaScript in their Facebook applications. We built FBJS to empower
developers with all the functionality they need, and to protect our users' privacy at the same time."sandboxwebbrowserfacebookhtmljavascripttechnicalsecurityweb-sandbox
2010 May 6, 7:22"Caja allows websites to safely embed DHTML web applications from third parties, and enables rich interaction between the embedding page and the embedded applications. It uses an object-capability
security model to allow for a wide range of flexible security policies, so that the containing page can effectively control the embedded applications' use of user data and to allow gadgets to prevent
interference between gadgets' UI elements."securitywebbrowserweb-sandboxcajagooglejavascripthtmltechnical
2010 May 6, 7:16"Today web gadgets, mashup components, advertisements, and other 3rd party content on websites either run with full trust alongside your content or are isolated inside of IFrames. As a result, many
modern web applications are intrinsically insecure, often with unpredictable service quality. Live Labs Web Sandbox addresses this problem."webbrowserweb-sandboxtechnicaljavascripthtmlwindowslivesecuritysandboxmicrosoftsilverlight
2010 May 2, 3:14"This document contains normative guidelines for web applications built by the Interface Development practice of Isobar North America (previously Molecular)." Glad to see coding styles and best
practices for HTML, CSS, JS, associated HTTP headers etc etc etccodecsshtmlhtml5javascriptwebbrowserprogrammingdevelopmenttechnicalvia:kris.kowal
2010 Apr 21, 1:47So... There's Downfall a 2004 film about the final days of Hitler's life. Then folks take the most dramatic scene and parody it with new subtitles having Hitler yell about various things like his
cell phone or Burning Man. It becomes a meme and meta Downfall parodies show up with Hitler yelling about the Downfall parodies. Now the studio producing the film has sent DMCA takedown notices to
Youtube and many of the videos are disappearing. In response is a new Downfall parody in which Hitler issues DMCA notices to Youtube...censorshiphitlerhumorcopyrightdmcaefflegalyoutubevideofairusememewebinternettechnical
2010 Apr 11, 2:16Lots of links, info, and thoughts on Apple's change to the iPhone SDK terms of service that now state "Applications must be originally written in Objective-C, C, C++, or JavaScript..." Means no other
languages or third party platforms...steve-jobsapplesdkapitoslegallawiphoneipodipadtechnical
I've just updated Encode-O-Matic with a Guess Input Encoding feature. When you start Encode-O-Matic or when you use the 'Guess
Input Encoding' menu item from the 'Tools' menu, Encode-O-Matic will try out various combinations of encodings and guess at which set seem to apply to your input. For instance given the following
text, Encode-O-Matic will correctly guess that it is percent encoded, base64 encoded, deflate compressed text:
It should work fairly well for simple things but I did pick 'Guess' for the name of the feature to intentionally lower
expectations. It doesn't currently apply to character encodings but that may be something to consider in the future.technicalencodeomatictoolencoding
2010 Apr 1, 2:42Its like a better version of what I was doing with my Web Frotz Interpreter. Its all client side javascript, HTML, & CSS to play Z-machine based interactive fiction games. They even do the saved
game in a URL piece.ifinteractive-fictiongamewebbrowserwebapp
2010 Mar 31, 7:54"Summary: Exploring cross-domain threats and use cases, security principles for cross-origin requests, and finally, weighing the risks for developers to enhance cross-domain access from web
applications running in the browser."technicalmsdnmicrosoftsecurityxssXMLHttpRequestwebbrowser
2010 Mar 26, 2:28"Widgets are client-side applications that are authored using Web standards, but whose content can also be embedded into Web documents."w3cspecwidgetwebapplicationtechnical
2010 Mar 23, 12:02"Trailer for the upcoming Weird Al Yankovic biopic. This film is sure to sweep next year's Academy Awards." humorvideoweird-alparodytrailer
2010 Mar 21, 3:22Google Calendar Sync is an Outlook plugin that syncs your Google and Outlook calendars (you get to pick 1way and direction or 2way sync'ing). This almost looks like what I want but perhaps my feature
requests are too obscure for someone to have already implemented them:
Events marked personal added on my Outlook calendar should get full 2-way sync'ing with my Google calendar.
All other events added on my Outlook calendar should be assumed to have private company information and should get 1-way sync'ing with just the time and location - no attendees or subject or
desceiption.
All events added on my Google calendar should get full 2-way sync'ing with Outlook and there should be marked personal.
I doubt I'm going to find a pre-made app to do this so I guess I should get coding. Otoh, if they ever bring the updated Android OS that has Exchange support to my G1 maybe none of this would be
necessary...googlecalendaroutlookmicrosofttoolfreetechnical
It was relatively easy, although still more difficult than I would have guessed, to hook my bespoke website's Atom feed up to Google Buzz. I already have a Google email account and associated
profile so Buzz just showed up in my Gmail interface. Setting it up it offered to connect to my YouTube account or my Google
Chat account but I didn't see an option to connect to an arbitrary RSS or Atom feed like I expected.
But of course hooking up an arbitrary Atom or RSS feed is documented. You hook it up in the same manner you
claim a website as your own via the Google Profile (for some reason they want to ensure you own the feed connected to your Buzz account). You do this via Google's social graph API which uses XFN or
FOAF. I used XFN by simply adding a link to my feed to my Google profile (And be sure to check the 'This is a profile page about me' which ensures that a rel="me" tag is added to the HTML on your
profile. This is how XFN works.) And by adding a corresponding link in my feed back to my Google profile page with the following:
So more difficult than I would have expected (more difficult than just an 'Add your feed' button and textbox) but not super difficult. And yet after reading this Buzz from DeWitt Clinton I feel better about opting-in to Google's Social API.
2010 Mar 11, 11:50Side by side comparison of the BSG+Sabotage mashup and the original Sabotage music video. Cool remix certainly although it really must be watched in this side by side comparison form to be
appreciated. By itself the remix isn't really coherent. bsgvideohumormusicmusic-videosabotagebeastie-boys
Some rights reserved