2009 May 5, 9:38"If we started a movie on the day you were born, and stretched it over your lifespan, this is where you'd be in that movie. So if you're a teenager, you might see Luke arguing with Uncle Owen, or
Cameron making a phony phone call to Ed Rooney. If you're a retiree, you might see the Marshmallow Man, or Toto pulling away the curtain. And if you're in your mid-thirties, you might be relieved to
know that Ferris is still eating lunch, and the Millenium Falcon hasn't left Tatooine."
humor clock calendar health movie 2009 May 3, 10:26Seems very similar to that ShellExecute/Firefox app URL protocol handler exploit last year. "A vulnerability in the ChromeHTML URI handler allows an attacker to bypass the Same Origin Policy for any
site and also enumerate victims files and directories. When loaded in Internet Explorer, a specially crafted HTML page can launch Google Chrome with an arbitrary URI without requiring any user
interaction."
exploit security google chrome browser web url protocol 2009 May 3, 4:23"With Hyperwords for Firefox you can select any word on any web page and do useful things." That sounds useful -- he thought using his Delicious Accelerator in IE8 to bookmark the webpage. This has
existed since 2005?
mozilla firefox browser plugin extension via:ethan_t_hein 2009 May 3, 10:36
Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would
prevent a CSRF. Sure enough its pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty
neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the
theif doesn't even have the common decency to let me have the thought first!
With this issue known for nearly three years its hard to continue calling it an issue. Really they should just document it in their API docs and be
done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.
technical stolen-thoughts csrf netflix security 2009 May 3, 9:17
Netflix lets you watch a subset of their movies online via their website and a subset of those movies are available to watch on the Xbox 360's Netflix app. so its not always easy to find movies to
watch on Xbox 360. Yet, I regularly see my Xbox friends using the Netflix app and its a shame they didn't make an easy way to share movie recommendations with your friends. Instead we must share
movie recommendations the old fashioned way. Here's the movies I've found and enjoyed on my 360.
-
Weeds
-
You don't have to be a stoner to enjoy this humorous and dramatic satire featuring a widow trying to raise her children and deal pot in suburbia.
-
Avatar The Last Airbender
-
An American animated series that's an amalgamation of various Asian art, history, religion, etc. that maintains a great story line.
-
Paprika
-
If you enjoyed Paranoia Agent you'll enjoy this movie in the same animation style and by the same director and
writer, Satoshi Kon. Its like a feature length version of a Paranoia Agent episode in which a dream machine lets outsiders view one's dreams but eventually leads to blurring the dreams and
reality.
-
Grindhouse Planet Terror
-
I didn't see either of the Grindhouse movies when they first came out, but of the two, Planet Terror is the more humorous and exciting gore filled parody.
-
Outsourced
-
A refreshing romantic comedy that still has a few of the over played tropes but is easy to enjoy despite that.
-
The King of Kong
-
A hilarious documentary on the struggle between the reigning champ hot-sauce salesman and the underdog Washington state high school science teacher to obtain the Donkey Kong world record high
score. After watching, checkout this interview with the creators of the movie and the
villain.
-
Primer
-
I've mentioned Primer before, but I put it on
here again because its really good and you still haven't seen it, have you?
movie personal netflix 2009 May 1, 12:09"If I'm reading the pop-up window correctly, domain registrar Godaddy recommends against purchasing .tv domain names because the island of Tuvalu, which the domain represents, is sinking."
humor dns domain godaddy tv via:boingboing 2009 Apr 22, 10:00Including music that's been otherwise sued out of existence.
video art politics copyright mp3 ip images law media 2009 Apr 20, 3:37Web service that hosts avatar images for things like blog comments. The image is ID'ed by a hash of the user's email address. Auto generated or if the user signs up, the image can be whatever they
upload. Lots of plugins for different blogging platforms.
blog web photo avatar image authentication identity icon hash 2009 Apr 20, 3:35Generate an icon for anonymous blog commentors that's easier to remember than an IP address.
blog anonymous web internet hash comment icon image avatar 2009 Apr 14, 9:26
I've made a QR Encode accelerator around Google Chart's QR code generator. QR codes are 2D bar-codes that can store (among other things) URLs and have good support on mobile
phones. The accelerator I've written lets you generate a QR code for a selected link and view it in the preview window. In combination with the ZXing
bar-code scanner app for my Android cellphone, its easy for me to right click on a link in IE8 on my desktop PC, hover over the QR Encode accelerator to have the link's associated QR code
displayed, and then with my phone read that QR code to open my phone's browser to the URL contained inside. Its much easier to browse around in the comfort of my desktop and only send particular
URLs to my cellphone as necessary.
technical boring accelerator android barcode ie8 google qr code 2009 Apr 10, 9:48
A while ago I promised to say how an xsltproc Meddler script would be useful and the general answer is
its useful for hooking up a client application that wants data from the web in a particular XML format and the data is available on the web but in another XML format. The specific case for this
post is a Flickr Search service that includes IE8 Visual Search Suggestions. IE8
wants the Visual Search Suggestions XML format and Flickr gives out search data in their Flickr web API XML format.
So I wrote an XSLT to convert from Flickr Search XML to Visual Suggestions XML and used my xsltproc Meddler script to actually
apply this xslt.
After getting this all working I've placed the result in two places: (1) I've updated the xsltproc Meddler script to include this XSLT and an
XML file to install it as a search provider - although you'll need to edit the XML to include your own Flickr API key. (2) I've created a service for this so you can just install the Flickr search provider if you're interested in having the functionality and don't care about the implementation. Additionally, to the
search provider I've added accelerator preview support to show the Flickr slideshow which I think looks snazzy.
Doing a quick search for this it looks like there's at least one other such implementation, but mine has the distinction of being done through XSLT which I provide, updated XML namespaces to work
with the released version of IE8, and I made it so you know its good.
meddler xml ie8 xslt flickr technical boring search suggestions 2009 Apr 7, 11:58
This past week I finished Anathem and despite the intimidating physical size of the book (difficult to take and read on the bus) I became very engrossed and was able to finish it in several orders of
magnitude less time than
what I spent on the Baroque
Cycle. Whereas reading the Baroque Cycle you can imagine Neal Stephenson sifting through giant economic tomes (or at least that's where my mind went whenever the characters began to explain
macro-economics to one another), in Anathem you can see Neal Stephenson staying up late
pouring over philosophy of mathematics. When not
exploring philosophy, Anathem has an appropriate amount of humor, love interests, nuclear bombs, etc. as you might hope from reading Snow Crash or Diamond Age. I thoroughly enjoyed Anathem.
On the topic of made up words: I get made up words for made up things, but there's already a name for cell-phone in English: its "cell-phone". The narrator notes that the book has been translated
into English so I guess I'll blame the fictional translator. Anyway, I wasn't bothered by the made up words nearly as much as some folk. Its a good thing I'm long
out of college because I can easily imagine confusing the names of actual concepts and people with those from the book, like Hemn space for Hamming distance. Towards the beginning, the description
of slines and the post-post-apocalyptic setting reminded me briefly of Idiocracy.
Recently, I've been reading everything of Charles Stross that I can, including about a month ago, The Jennifer Morgue from the surprisingly awesome amalgamation genre of spy thriller and Lovecraft
horror. Its the second in a series set in a universe in which magic exists as a form of mathematics and follows Bob Howard programmer/hacker, cube dweller, and begrudging spy who works for a
government agency tasked to suppress this knowledge and protect the world from its use. For a taste, try a short story from the series that's freely available on Tor's website, Down on the Farm.
Coincidentally, both Anathem and the Bob Howard series take an interest in the world of Platonic ideals. In the case of Anathem (without spoiling anything) the universe of Platonic ideals, under a
different name of course, is debated by the characters to be either just a concept or an actual separate universe and later becomes the underpinning of major events in the book. In the Bob Howard
series, magic is applied mathematics that through particular proofs or computations awakens/disturbs/provokes unnamed horrors in the universe of Platonic ideals to produce some desired effect in
Bob's universe.
atrocity archives neal stephenson jennifer morgue plato bob howard anathem 2009 Apr 7, 9:02
I'm a big fan of the concept of registerProtocolHandler in HTML 5 and in FireFox 3, but not quite the implementation. From a high level, it allows web apps to register themselves as
handlers of an URL scheme so for (the canonical) example, GMail can register for the mailto URL scheme. I like the concept:
- Better integration of web apps with your system.
- Its easy for web apps to do.
- Links to URNs can now take the user to the sites the user prefers for the sort of thing identified by the URN. For example, if I have a physical address in HTML, instead of making that an http
link to Yahoo Maps, I can make the link a geo scheme URI and those who follow the link will get their preferred mapping site that
has registered for that scheme. Actually, looking at the geo scheme's RFC, maybe I'd rather use some other URN scheme to represent the physical location, but you get the point.
However, the way its currently spec'ed out I don't like the following:
- There's no way to know if you are the handler for a particular URL scheme which is an important question for web app URL protocol handler authors.
- There's no way to fallback to an http URL in the case that a particular URL scheme isn't registered. A suggested solution to testing the registration of a scheme is for browsers to provide an additional script method
to check if a scheme is registered. I don't like the idea of writing script that walks over all my page's links and rewrites them based on that method. I'd much rather see a declarative and
backwards compatible fallback mechanism, although I don't know what that would look like.
- There's no way to register for a namespace within the urn scheme URI, the info scheme URI, or the tag scheme URI. I want to register
info:lccn/... (Library of Congress Card Number identifiers) to LibraryThing or Amazon and I want to register urn:duri:... (dated URIs) to the Web Archive, among other things.
- Will this result in a proliferation of unregistered URL schemes with clashing namespaces? The ESW Wiki notes why this would be bad.
- And last, although this is nitpickier than the rest, I don't like the '%s' syntax used in the registration method. I'd much rather pass in an URL template, like the URL template used
in OpenSearch. If an URL template is used for matching rather than registering against a particular URL scheme, this could also allow for registering a namespace within a URN. For example
something along the lines of:
registerProtocolHandler("info:lccn/{lccnID}", "htttp://www.librarything.com/search_works.php?q={lccnID}", "LibraryThing LCCN")
url template registerprotocolhandler firefox technical url scheme protocol boring html5 uri urn 2009 Apr 3, 11:40"'SixthSense' is a wearable gestural interface that augments the physical world around us with digital information and lets us use natural hand gestures to interact with that information." The page
is a lot easier to read with styling turned off. Actually, skip the text just watch the TED video.
visualization design research mit hci mobile interactive ted 2009 Apr 1, 1:22Is it still a _real-time_ strategy game if you travel through time? "If another player is attempting to adversely change the past, players will sometimes keep racing back to out-undo each other.
Anything that must travel back in time in order to maintain the current state of causality is denoted to the player, which helps manage paradoxes."
video videogame time-travel strategy rts game 2009 Apr 1, 10:42Lol at actual Facebook app that does IPv6 over Facebook. "...most network users are not aware of what IPv6 is or are even afraid by IPv6 because it is unknown. On the other hand, Social Networks
(like Facebook, LinkedIn, etc.) are well-known by users and the usage of those networks is huge... With IPv6 over Social Network (IPoSN): * Every user is a router with at least one loopback
interface; * Every friend or connection between users will be used as a point-to-point link... A working prototype has been developed by the author and is freely available: IPv6 over Facebook Social
Network [IPv6overFacebook]."
humor social network ipv6 ip iposn facebook ietf rfc 2009 Apr 1, 9:54Lol at end of final sentence: "Two Gmail accounts can happily converse with each other for up to three messages each. Beyond that, our experiments have shown a significant decline in the quality
ranking of Autopilot's responses and further messages may commit you to dinner parties or baby namings in which you have no interest."
humor google gmail ai email 2009 Apr 1, 9:48"For our latest mission, 30 Improv Everywhere agents found a random funeral in the obituary section of the newspaper and turned it into the best funeral ever... The family, especially the older
couple in the middle, were seriously mourning. They seemed to be focusing on the priest and mostly ignoring us. Still, we had to be as serious as we possibly could. If anyone cracked a smile or
giggled we would completely ruin the funeral for the family."
humor parody video improv-everywhere 2009 Mar 26, 2:24"Yesterday's remix challenge -- to mock the ridiculous new "anti-terrorism" posters the London police have put up that tell you to spy on your neighbors -- was a smashing success. I've collected the
25 or so that came in to date below". I enjoyed: "A bomb won't go off here because people tend to be quite nice really." "Terribly convenient, isn't it? Incriminating evidence left right out where
you'll spot it and call it in..." "A bomb won't go off here because the true likelihood of you being the victim of a terror attack is really very low, especially when compared to other causes of
death or injury."
humor politics poster paranoia security via:boingboing.comments photoshop privacy
Some rights reserved