Checking out at a grocery store to which I rarely go, the cashier asks me if I want an
Albertson's card. I respond sure and she hands me the form on which I give up my personal information. I ask if I need to fill this out now, and she says yeah and it will only take two minutes,
which surprised me because at QFC they just hand me a new card and send me on my way. I fill in my phone number as the first ten digits of pi so I don't have to worry about getting phone calls but
its something I can remember next time I'm there and don't bring the card.
I turn to leave and the cashier asks me is that a '759' or '159' in my phone number. I stop for a second because I only know the digits as a sequence from the start and pause long enough reciting it in my head that its clear its not my phone number. And she calls me out on it: "Is that your real phone number?" I sigh, "No, does it have to be? Are you going to call me?" "Yeah," she says, "I'll call you." (ha ha) "Well I'll try entering this number," she says doubting the computer will accept the fake phone number. "On the number's already registered," she says, "So you already had a card." "No," says the manager who had walked up during for this exchange, "It means someone else used that same number." So the moral of the story is, try your fake phone number before trying to use it to get a new card.
In honor of Google Chrome's recent v2 release and because I read they don't make too big a deal about version numbers, I thought to create a graph of browser major version numbers over time.
Yeah that's not too useful of a graph. I got the release dates from Wikipedia of course.
As you can see from the graph, Netscape and Opera are leading all other browsers in terms of major version number. The other browsers really need to get on that.
Sarah and I have a new place in Redmond and we'll be moving
there in a few weeks. Exciting! Incidentally, when researching the place on the Internet I found that the nearby park used to be a radar site for the Project Nike missile system in the fifties.
Fun!
Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would prevent a CSRF. Sure enough its pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the theif doesn't even have the common decency to let me have the thought first!
With this issue known for nearly three years its hard to continue calling it an issue. Really they should just document it in their API docs and be done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.
Netflix lets you watch a subset of their movies online via their website and a subset of those movies are available to watch on the Xbox 360's Netflix app. so its not always easy to find movies to watch on Xbox 360. Yet, I regularly see my Xbox friends using the Netflix app and its a shame they didn't make an easy way to share movie recommendations with your friends. Instead we must share movie recommendations the old fashioned way. Here's the movies I've found and enjoyed on my 360.
I've made a QR Encode accelerator around Google Chart's QR code generator. QR codes are 2D bar-codes that can store (among other things) URLs and have good support on mobile
phones. The accelerator I've written lets you generate a QR code for a selected link and view it in the preview window. In combination with the ZXing
bar-code scanner app for my Android cellphone, its easy for me to right click on a link in IE8 on my desktop PC, hover over the QR Encode accelerator to have the link's associated QR code
displayed, and then with my phone read that QR code to open my phone's browser to the URL contained inside. Its much easier to browse around in the comfort of my desktop and only send particular
URLs to my cellphone as necessary.
A while ago I promised to say how an xsltproc Meddler script would be useful and the general answer is
its useful for hooking up a client application that wants data from the web in a particular XML format and the data is available on the web but in another XML format. The specific case for this
post is a Flickr Search service that includes IE8 Visual Search Suggestions. IE8
wants the Visual Search Suggestions XML format and Flickr gives out search data in their Flickr web API XML format.
So I wrote an XSLT to convert from Flickr Search XML to Visual Suggestions XML and used my xsltproc Meddler script to actually apply this xslt.
After getting this all working I've placed the result in two places: (1) I've updated the xsltproc Meddler script to include this XSLT and an XML file to install it as a search provider - although you'll need to edit the XML to include your own Flickr API key. (2) I've created a service for this so you can just install the Flickr search provider if you're interested in having the functionality and don't care about the implementation. Additionally, to the search provider I've added accelerator preview support to show the Flickr slideshow which I think looks snazzy.
Doing a quick search for this it looks like there's at least one other such implementation, but mine has the distinction of being done through XSLT which I provide, updated XML namespaces to work with the released version of IE8, and I made it so you know its good.
Some rights reserved